#!/bin/sh
#!/bin/bash

### syslog-ng-debun: syslog debug bundle generator
### Written/Copyright: Gyorgy Pasztor <pasztor@linux.gyakg.u-szeged.hu>, (c) 2014-2016.
### Further enhancements: Janos Szigetvari - jszigetvari at gmail dot com, (c) 2016-2022.
### This software may be used and distributed according to the terms of GNU GPLv2
### http://www.gnu.org/licenses/gpl-2.0.html

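# Drop inherited aliases and pin the locale before anything else runs
# (presumably so that the output of the tools parsed later has a stable format).
unalias -a
LANG=en_US
LC_ALL=C
export LANG LC_ALL

version="0.3.20.20220117"

### Check for "local" variable support
# The functions below use "local". When the current shell does not provide it
# as a builtin, the script re-executes itself under bash if one can be found.
if type local | grep builtin >/dev/null; then
	:
elif type bash >/dev/null; then
	# "$0" is quoted so that a script path containing whitespace or glob
	# characters reaches bash as one unmodified argument.
	exec bash "$0" "$@"
else
	printf "No local variable support on this system\n" >&2
	exit 1
fi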

###
### Global defaults
### Do not overwrite them; parameters or distro / OS specific detection will do that if necessary
###

# Command line as received; acquire_debun_info() records it in the bundle.
argv_backup="$@"
engage=0
os="none"
dist="none"

# Default syslog-ng debug arguments and default packet capture filter.
default_debug_params="-Fedv --enable-core"
default_ldebug_params="-Fev"
default_pcap_params="port 514 or port 601 or port 53"

# Run-time bookkeeping: extra collectors and PIDs of interest.
extras=""
sngallpids=""
wecpid=""
debugpid=none
debugtailpid=none
pcappid=none
tracepids=""

# Network inspection commands.
ipconfig="ip addr"
routeconfig () {
	netstat -nr
}
netstatnlp () {
	netstat -nlp
}
netstatlunp () {
	netstat -lunp
}
netstatpunt () {
	netstat -punt
}
netstatpn () {
	netstat -pn
}
netstatsu="netstat -su"

# Installation prefix, SCL directories and the directory that receives the bundle.
binprefix=/opt/syslog-ng
absscldirs="/usr/share/syslog-ng/include/scl"
relscldirs="share/include/scl share/syslog-ng/include/scl"
workdir=/tmp

# Process and file inspection commands.
lsof="lsof -p"
no_lsof_fallback() {
	echo "No lsof in path."
}
pscmd="ps auxwwwwwf"
pseao="ps -eao"
cpiopdL="cpio -pdL"
findL () {
	find -L "$@"
}
dfk="df -k"
dfh="df -h"
dfi="df -i"
duks="du -ks"
grepq="fgrep -q"
lddcmd="ldd"
# Write a single batch-mode snapshot of top into the file named by $1.
topcmd () {
	top -b -n 1 -c >"${1}"
}
opensslcmd="openssl"
sed_equivalent_cmd="sed -Ee"
mount=mount
# Size limit (kilobytes) used by acquire_syslog_var() before it asks for confirmation.
varlimit=1000

# Placeholders that only report "not supported" on fd 3.
myplimit () {
	echo "Plimit query is not supported on this platform" >&3
}
distpkgoffile () {
	echo "Package file search is not supported (yet) on this platform" >&3
}
distpkgstatus () {
	echo "Package status query is not (yet) supported on this platform" >&3
}

selftar="tar cf - ."
gzipcmd="gzip -9"
showdep="dpkg -S"
pcapifparm=-i
w=w
vmstat=vmstat
dmesg=dmesg
# Seconds since the epoch; used as a suffix for statistics files.
timestamp () {
	date +%s
}
tcpdumpcmd="tcpdump"
tcpdumpopts="-p -s 1500 -w"
opensslmajor=0
getsyslogpids () {
	pidof syslog-ng
}
# MD5 sums of every regular file below the current directory, except the
# manifest itself and the live log.
os_hash_helper () {
	find . '!' \( -name debun.manifest -o -name syslog-ng.debun.txt \) -type f -print0 | xargs -0 md5sum
}
# Read "df -k" output on stdin and print one size column of its last line:
# the fourth field, or the third one when the fourth contains a '%'.
dfk_parser () {
	tail -1 | while read FS ALL USED AVAIL UPERC MP; do
		if echo ${AVAIL} | ${grepq} '%'; then
			echo ${USED}
		else
			echo ${AVAIL}
		fi
	done
}
trace="strace -s256 -ff -ttT -f"

# Service control through the init script.
initfile="/etc/init.d/syslog-ng"
service_stop="${initfile} stop"
service_start="${initfile} start"
service_status="${initfile} status"
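#checkpid () { [ -d /proc/"$1" ]; }
#some old Unix versions did not have procfs, and kill -0 allows to check whether a PID exists
#for reference: http://pubs.opengroup.org/onlinepubs/009695399/functions/kill.html
# checkpid PID: succeed when PID is non-empty and "kill -0" can signal it.
# kill -0 also fails for a live process that the caller may not signal, so a
# run without sufficient privileges can report a running process as gone.
checkpid () { [ -n "$1" ] && kill -0 "$1" 2>/dev/null ; }
#mywait () { jobs -p >${tmpdir}/sdn.jobs ; for i in `grep -v "\<$tailpid\>" ${tmpdir}/sdn.jobs` ; do wait $i ; done ; }
# mywait: wait for every background job of this shell except the log watcher
# (tailpid). The job list is written to ${tmpdir}/sdn.jobs first; the path is
# quoted because tmpdir is built from the user-supplied work directory.
mywait () {
	local job
	jobs -p >"${tmpdir}/sdn.jobs"
	for job in $( grep -v "^$tailpid\$" "${tmpdir}/sdn.jobs" ) ; do
		wait "$job"
	done
}
# is_available CMD: succeed when "which" finds CMD.
is_available () { which "$1" >/dev/null 2>&1; }
# No-op default.
distpkgoffile_cleanup () { : ; }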

###
### Show Usage
###
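# debun_usage [STATUS] [MESSAGE]
# Print the help text (and MESSAGE as an error line when given) on stdout,
# then terminate the script with STATUS (default 0).
debun_usage () {
cat <<END
Usage: syslog-ng-debun [OPTIONS]

General Options:
  -r		Run actual information gathering
  -h		Show this help page
  -R [dir]	Syslog-ng-PE's alternate install dir, instead of /opt/syslog-ng
  -W [dir]	Work dir, where debug bundle will be placed
  -l		"light" collect: Don't get data, which may disturb your sense about
		privacy, like process tree, fstab, etc. If you use with -d, then it
		will also enlighten that's params: $default_ldebug_params
  -K		Include the private keys in the /etc/syslog-ng or /opt/syslog-ng/etc directory

Debug mode options:
  -d		Debug with params: $default_debug_params
		Warning! May increase disk io during the debug,
		and dumps huge amount of data!
  -D [params]	Debug with custom params
  -w [sec]	Wait [sec] seconds before start syslog's debug mode, and
		start realtime watching of it
  -t [sec]	Timeout for noninteractive debug

Packet capture options:
  -i [iface]	Capture packets on specified interface
  -p		Create packet capture with filter: $default_pcap_params
  -P [params]	Create packet capture with custom filter
  -T		Create packet capture with the tcpdump parameters specified, instead
			of the default: $tcpdumpopts
  -t [sec]	Timeout for noninteractive debug

Syscall tracing options:
  -s		Trace syslog
  -t [sec]	Timeout for noninteractive debug
END
[ -n "$2" ] && printf "\nError: %s\n\n" "$2"
exit "${1:-0}"
}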

###
### Parsing optional parameters
###

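# Every option variable is tested with -n / -z further down, so each one starts
# out empty. Without this, a same-named variable inherited from the caller's
# environment (for example saveprivatekeys=1) would switch a feature on
# although the corresponding command-line flag was never given.
debug_params=""
debug_mode=""
pcap_iface=""
pcap_params=""
privacy_mode=""
saveprivatekeys=""
timeout=""
tracing=""
waitforit=""

while getopts "rhlKdD:pP:T:w:i:W:R:t:s" opt ; do
	case $opt in
		r)
			engage=1
			;;
		d)
			[ -n "$debug_params" ] && debun_usage 2 "Custom debug arguments have already been set, or debugging has already been requested"
			debug_params="$default_debug_params"
			debug_mode=1
			;;
		D)
			[ -n "$debug_params" ] && debun_usage 2 "Custom debug arguments have already been set, or debugging has already been requested"
			debug_params="$OPTARG"
			debug_mode=1
			;;
		i)
			[ -n "$pcap_iface" ] && debun_usage 2 "Pcap interface has already been set"
			pcap_iface="$OPTARG"
			;;
		h)
			debun_usage
			;;
		l)
			privacy_mode=1
			;;
		p)
			[ -n "$pcap_params" ] && debun_usage 2 "Pcap parameters have already been set, or packet capture has already been requested"
			pcap_params="$default_pcap_params"
			debug_mode=1
			;;
		P)
			[ -n "$pcap_params" ] && debun_usage 2 "Pcap parameters have already been set, or packet capture has already been requested"
			pcap_params="$OPTARG"
			debug_mode=1
			;;
		T)
			tcpdumpopts="$OPTARG"
			debug_mode=1
			;;
		R)
			binprefix="$OPTARG"
			;;
		t)
			timeout="$OPTARG"
			;;
		K)
			# Opt-in: private key files are copied into the bundle only with -K.
			saveprivatekeys=1
			;;
		w)
			waitforit="$OPTARG"
			;;
		W)
			workdir="$OPTARG"
			;;
		s)
			tracing=1
			debug_mode=1
			;;
		*)
			debun_usage 2
			;;
	esac
done

# Without -r nothing is collected; only the help text is shown.
if [ "${engage}" -eq 0 ]; then
	debun_usage
	exit 0
fi

# Parameter consistency checks
[ -n "$pcap_iface" ] && [ -z "$pcap_params" ] && debun_usage 2 "Pcap interface without packet capture params (-p|-P args)"
[ -n "$waitforit" ] && [ -z "$debug_params" ] && debun_usage 2 "Waiting without debug mode run (-d|-D args)"
[ -n "$timeout" ] && [ -z "$debug_mode" ] && debun_usage 2 "Timeout without debug mode or packet capture"
# In light mode the default debug arguments are replaced by the lighter set.
[ -n "$privacy_mode" ] && [ "x$debug_params" = "x$default_debug_params" ] && debug_params="$default_ldebug_params"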

# File locations below the installation prefix (-R, default set earlier).
confdir=${binprefix}/etc
vardir=${binprefix}/var
piddir=${vardir}/run
syslogbin=${binprefix}/sbin/syslog-ng
syslogngctlbin=${binprefix}/sbin/syslog-ng-ctl
syslogngquerybin=${binprefix}/sbin/syslog-ng-query
# The binary handed to ldd: libexec/syslog-ng when it is executable,
# sbin/syslog-ng otherwise.
syslogrealbin=${binprefix}/sbin/syslog-ng
if [ -x "${binprefix}/libexec/syslog-ng" ]; then
	syslogrealbin=${binprefix}/libexec/syslog-ng
fi

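# debun_init: create the private staging directory, redirect stdout/stderr
# into its log file and start a background "tail -f" that mirrors the log to
# the original stdout, which stays available on fd 3.
# Globals: workdir (read); host, date, tmpdir, tailpid (written)
# Exits with status 1 when the staging directory cannot be created.
debun_init () {
	#Create temp dir, to place files into
	host=$( uname -n )
	date=$( date '+%Y-%m-%d_%H-%M' )
	tmpdir=${workdir}/syslog.debun.${host}.${date}.$$

	# The name is predictable (host name, minute, PID) and the default work
	# directory is shared between users. The directory is therefore only
	# accepted when this very mkdir call created it: mkdir without -p fails if
	# the path already exists as a directory, file or symlink, and that failure
	# is fatal. Testing "-d" alone would also accept a directory that somebody
	# else prepared in advance and still owns.
	( umask 077 ; mkdir "${tmpdir}" ) || { printf "Could not create a temp directory\n" >&2 ; exit 1 ; }
	[ -d "$tmpdir" ] || { printf "Could not create a temp directory\n" >&2 ; exit 1 ; }

	# Start redirections

	#exec 3>&1 >${tmpdir}/syslog-ng.debun.txt 2>${tmpdir}/syslog-ng.debun.txt
	exec 3>&1 >"${tmpdir}/syslog-ng.debun.txt" 2>&1
	echo "Syslog-NG DEBUg buNdle generator"
	sync
	while [ ! -f "${tmpdir}/syslog-ng.debun.txt" ] ; do sleep 1 ; done
	#nohup tail -f ${tmpdir}/syslog-ng.debun.txt >&3 &
	tail -f "${tmpdir}/syslog-ng.debun.txt" >&3 &
	tailpid=$!
	#disown
}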

# debun_finish_debug: stop everything that was started for a debug run
# (debug-mode syslog-ng, its log watcher, packet capture, tracers), start the
# service again and wait for the remaining background jobs.
# Globals read: debug_mode, debugpid, debugtailpid, pcappid, tracing,
#               tracepids, service_start
debun_finish_debug () {
	if [ -n "$debug_mode" ]; then
		printf 'Generating second batch of statistics\n'
		acquire_syslog_stats
	fi

	# "none" is the initial value of debugpid, i.e. no debug instance to stop.
	if [ "${debugpid}" != "none" ]; then
		if checkpid ${debugpid} ; then
			# Escalation: SIGINT first, SIGKILL one second later if the
			# process is still there, then one more second before giving up.
			kill -INT $debugpid
			checkpid ${debugpid} && sleep 1
			checkpid ${debugpid} && kill -9 $debugpid
			checkpid ${debugpid} && sleep 1
			checkpid ${debugpid} && echo "I gave up... debugger pid doesn't die"
		fi
		printf 'Debugpid: "%s"\n' "${debugpid}"
		# fd 3 is closed inside the subshell before the service is started,
		# presumably so that the started daemon does not inherit it.
		( exec 3>&- ; $service_start ; )
	fi
	if checkpid ${debugtailpid} ; then
		kill $debugtailpid
	fi
	if checkpid ${pcappid} ; then
		kill -INT $pcappid
	fi
	if [ -n "$tracing" ]; then
		# Same escalation for the tracers: SIGINT to all of them, two seconds
		# of grace, then SIGKILL for any that remain.
		for i in ${tracepids} ; do
			checkpid $i && kill -INT $i
		done
		sleep 2
		for i in ${tracepids} ; do
			checkpid $i && kill -9 $i 2>/dev/null
		done
	fi
	mywait
}

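# debun_do_tarball: pack the staging directory into ${tmpdir}.tgz, remove the
# directory and stop the background log watcher.
# Globals read: tmpdir, selftar, gzipcmd, tailpid
# Returns: 1 when the staging directory cannot be entered.
debun_do_tarball () {
	cd "${tmpdir}" || { printf "Could not enter %s\n" "${tmpdir}" >&2 ; return 1 ; }
	# The archive name is as predictable as the directory name. It is created
	# in a subshell with a restrictive umask and noclobber (set -C): the file
	# is private from the moment it exists, and a path that already exists -
	# for example a symlink placed next to the staging directory - is refused
	# instead of being written through.
	if ( umask 077 ; set -C ; ${selftar} | ${gzipcmd} >"${tmpdir}.tgz" ) ; then
		cd ..
		rm -r "${tmpdir}"
	else
		# Keep the collected data when no archive could be written.
		printf "Could not create %s.tgz, leaving %s in place\n" "${tmpdir}" "${tmpdir}" >&2
		cd ..
	fi
	printf "Terminating live message watcher: "
	sync
	kill ${tailpid}
	sync
	sleep 1
}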

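# debun_generate_hashes: write the checksum list produced by os_hash_helper
# into debun.manifest inside the staging directory.
# Returns: 1 when the staging directory cannot be entered, so the manifest is
# never written into (or computed over) whatever directory is current.
debun_generate_hashes () {
	cd "${tmpdir}" || return 1
	os_hash_helper > debun.manifest
}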

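# debun_final: last stage of a run. Stops the debug helpers, records the
# service status, takes the second statistics sample, writes the manifest,
# switches output back to fd 3 and packs the bundle.
# Paths below tmpdir are quoted because tmpdir is built from the user-supplied
# work directory.
debun_final() {
	debun_finish_debug
	[ -n "$service_status" ] && $service_status >"${tmpdir}/svc.post"

	# Generating stats again for the EPS counter
	# (in debug mode debun_finish_debug has already taken this sample)
	if [ -z "$debug_mode" ]; then
		printf 'Generating second batch of statistics\n'
		acquire_syslog_stats
	fi

	printf "\nGenerating hashes..."
	debun_generate_hashes
	printf " done.\nDebug Bundle generation: Done.\n"
	# From here on output goes to fd 3 again; the log file is about to be packed.
	exec >&3 2>&1
	debun_do_tarball
	printf "\n\nYour debug bundle will be stored at %s.tgz\n" "$tmpdir"
}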

# add_extra NAME...: append the arguments to the space-separated list in
# the global "extras".
add_extra () {
	if [ -n "${extras}" ]; then
		extras="${extras} $@"
	else
		extras="$@"
	fi
}

###
###PROCESS HANDLING FUNCTIONS
###
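# getparent PID: print the parent PID of PID according to "$pseao pid,ppid",
# or an empty line when PID is not listed.
# The snapshot file lives in the staging directory; its path is quoted
# because tmpdir is built from the user-supplied work directory.
getparent () {
	local self
	local parent
	local ret
	local tmpfile="${tmpdir}/getparent.$$.txt"
	$pseao pid,ppid >"$tmpfile"
	# Default value, learned after getchilds()'s forkbomb case
	unset ret
	while read self parent ; do
		[ "$1" = "$self" ] || continue
		ret=$parent
	done < "$tmpfile"
	rm "$tmpfile"
	echo $ret
}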

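# getchilds PID: print the space-separated PIDs whose parent is PID according
# to "$pseao ppid,pid" (empty line when there are none).
# The snapshot file path is quoted because tmpdir is built from the
# user-supplied work directory.
getchilds () {
	local childs
	local dummy
	local child
	local tmpfile="${tmpdir}/getchilds.$$.txt"
	$pseao ppid,pid >"$tmpfile"
	# Need to initialize it with a default value, since dash allows to inherit the caller's value, even if it's a local variable
	unset childs
	while read dummy child ; do
		[ "$1" = "$dummy" ] || continue
		childs="${childs}${childs:+ }$child"
	done < "$tmpfile"
	rm "$tmpfile"
	echo ${childs}
}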

# getallchilds PID: print the direct children of PID followed by all of their
# descendants, space separated. Recurses once per child through getchilds().
getallchilds () {
	local direct
	local nested
	local pid
	direct=$( getchilds ${1} )
	# Cleared explicitly: a "local" may start with a value inherited from the
	# caller (see the note in getchilds()).
	unset nested
	for pid in ${direct} ; do
		nested="${nested}${nested:+ }$(getallchilds $pid)"
	done
	echo ${direct} ${nested}
}

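# acquire_debun_info: record how this script was run (working directory,
# command line, script version, effective identity, PATH).
# Values are written with printf '%s' and quoted expansions so that they land
# in the bundle exactly as they are, including whitespace and glob characters.
acquire_debun_info () {
	pwd > "${tmpdir}/debun.pwd"
	printf '%s %s\n' "${0}" "${argv_backup}" > "${tmpdir}/debun.argv"
	printf '%s\n' "${version}" > "${tmpdir}/debun.version"
	id > "${tmpdir}/debun.runas"
	printf '%s\n' "${PATH}" > "${tmpdir}/debun.path"
}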

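# acquire_system_info: kernel identification, memory and vmstat figures, a top
# snapshot and the versions of openssl and java when they are installed.
# Output paths are quoted because tmpdir is built from the user-supplied work
# directory.
acquire_system_info () {
	printf "System's full uname: "
	uname -a | tee "${tmpdir}/sys.uname"
	free >"${tmpdir}/sys.free"
	vmstat >"${tmpdir}/sys.vmstat"
	topcmd "${tmpdir}/sys.top"
	if is_available ${opensslcmd}; then
		# acquire_syslog_pki_info() later reads this file to learn the
		# OpenSSL major version.
		${opensslcmd} version >"${tmpdir}/sys.openssl.version"
	fi
	if is_available java; then
		java -version >"${tmpdir}/sys.java.version" 2>&1
	fi
}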

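# acquire_network_info: interface addresses, routing table and the name
# resolution configuration files. Not called in light (-l) mode.
# Output paths are quoted because tmpdir is built from the user-supplied work
# directory.
acquire_network_info () {
	printf "Getting network-interface information: "
	if $ipconfig >"${tmpdir}/net.ip" ; then
		printf "Success\n"
	else
		printf "Failed\n"
	fi
	printf "Getting network routes: "
	if routeconfig >"${tmpdir}/net.route" ; then
		printf "Success\n"
	else
		printf "Failed\n"
	fi
	printf "Getting DNS resolution-related information: "
	[ -f /etc/nsswitch.conf ] && cp /etc/nsswitch.conf "${tmpdir}/sys.nsswitch.conf"
	[ -f /etc/resolv.conf ] && cp /etc/resolv.conf "${tmpdir}/sys.resolv.conf"
	[ -f /etc/hosts ] && cp /etc/hosts "${tmpdir}/sys.hosts"
	printf "Done\n"
}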

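# acquire_system_process_info: store the full process list ($pscmd) in
# sys.ps. Not called in light (-l) mode.
# The output path is quoted because tmpdir is built from the user-supplied
# work directory.
acquire_system_process_info () {
	echo "List all processes"
	$pscmd >"${tmpdir}/sys.ps"
}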

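# acquire_filesystem_info: disk usage (kilobytes, human readable, inodes) and
# the mount table. Not called in light (-l) mode.
# Output paths are quoted because tmpdir is built from the user-supplied work
# directory.
acquire_filesystem_info () {
	echo "Mount and disk free info collection"
	$dfk >"${tmpdir}/sys.df_k"
	$dfh >"${tmpdir}/sys.df_h"
	$dfi >"${tmpdir}/sys.df_i" 2>/dev/null
	$mount >"${tmpdir}/sys.mount"
}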

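# acquire_system_other_info: logged-in users, kernel ring buffer and several
# netstat views (sockets with owning processes, UDP statistics).
# Not called in light (-l) mode.
# Output paths are quoted because tmpdir is built from the user-supplied work
# directory.
acquire_system_other_info () {
	$w >"${tmpdir}/sys.w"
	$dmesg >"${tmpdir}/sys.dmesg"
	netstatnlp >"${tmpdir}/sys.netstat.ltn"
	netstatlunp >"${tmpdir}/sys.netstat.lunp"
	netstatpunt >"${tmpdir}/sys.netstat.est"
	netstatpn >"${tmpdir}/sys.netstat.pn"
	$netstatsu >"${tmpdir}/sys.netstat.su"
	[ -f /proc/net/udp ] && cp /proc/net/udp "${tmpdir}/sys.proc.net.udp"
}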

### Here comes the general info acquiring parts
# acquire_general_info: run the general collectors. In light mode
# (privacy_mode set) only the script and basic system information is taken;
# network, process list, filesystem and other system details are left out.
acquire_general_info () {
	printf "\nStart general info collection\n"
	acquire_debun_info
	acquire_system_info
	if [ -z "$privacy_mode" ]; then
		acquire_network_info
		acquire_system_process_info
		acquire_filesystem_info
		acquire_system_other_info
	fi
}

# pki_is_certificate FILE: succeed when FILE has a line containing
# "BEGIN CERTIFICATE" that does not also contain "REQUEST".
pki_is_certificate () {
	local candidate="${1}"
	grep "BEGIN CERTIFICATE" "${candidate}" 2>/dev/null \
		| ${grepq} -v "REQUEST"
}

# pki_count_certificates FILE: print the number of lines in FILE that contain
# "BEGIN CERTIFICATE".
pki_count_certificates () {
	local candidate="${1}"
	grep -c "BEGIN CERTIFICATE" "${candidate}" 2>/dev/null
}

# pki_is_private_key FILE: succeed when FILE contains the text "PRIVATE KEY".
# This is a text match on PEM markers; a key stored in a binary format is not
# recognised by it.
pki_is_private_key () {
	local candidate="${1}"
	${grepq} "PRIVATE KEY" "${candidate}" 2>/dev/null
}

# pki_is_public_key FILE: succeed when FILE contains the text "PUBLIC KEY".
pki_is_public_key () {
	local candidate="${1}"
	${grepq} "PUBLIC KEY" "${candidate}" 2>/dev/null
}

# pki_is_rsa FILE: succeed when FILE contains the text "RSA " (with the
# trailing space).
pki_is_rsa () {
	local candidate="${1}"
	${grepq} "RSA " "${candidate}" 2>/dev/null
}

# pki_is_dsa FILE: succeed when FILE contains the text "DSA " (with the
# trailing space).
pki_is_dsa () {
	local candidate="${1}"
	${grepq} "DSA " "${candidate}" 2>/dev/null
}

# pki_is_ecdsa FILE: succeed when FILE contains the text " EC " (surrounded
# by spaces).
pki_is_ecdsa () {
	local candidate="${1}"
	${grepq} " EC " "${candidate}" 2>/dev/null
}

# pki_is_encrypted FILE: succeed when FILE contains the text "ENCRYPTED", or
# when "openssl rsa" reports "problems getting password" while reading it.
# Returns 1 otherwise.
pki_is_encrypted () {
	local openssl_stderr
	if ${grepq} "ENCRYPTED" "${1}"; then
		return 0
	fi
	# Only stderr is captured; the key text on stdout is discarded.
	openssl_stderr=$( ${opensslcmd} rsa -in "${1}" -noout -text 2>&1 >/dev/null )
	if echo "${openssl_stderr}" | ${grepq} "problems getting password"; then
		return 0
	fi
	return 1
}

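# pki_parse_public_key: read "openssl ... -text" output on stdin and print one
# semicolon-terminated field: "Public Key=<hex>;" or an explanatory marker
# when no public key could be extracted.
# Only the hex run that follows the last "Modulus"/"modulus"/"pub" label is
# kept; everything else in the input is dropped.
# The working variable is local so the parsed text does not linger in a
# global after the call.
pki_parse_public_key () {
	local oneline_cert
	oneline_cert=$( tr -d '\n' | tr -d ' ' )
	[ -z "${oneline_cert}" ] && printf "NO_PUBLIC_KEY_COULD_BE_EXTRACTED;" && return

	if echo "${oneline_cert}" | $grepq "UnabletoloadPublicKey"; then
		printf "OPENSSL_TOO_OLD|NO_ECDSA_SUPPORT_IN_OPENSSL;"
	else
		if echo "${oneline_cert}" | $grepq "PublicKey:X509v3extensions"; then
			printf "NO_PUBLIC_KEY_COULD_BE_EXTRACTED;"
		else
			echo "${oneline_cert}" | ${sed_equivalent_cmd} 's/^.*(Modulus|modulus|pub)(\([0-9]+bit\))?:([a-f0-9:]+).*$/Public Key=\3;/'
		fi
	fi
}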

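# pki_guess_certificate FILE: print one CSV-like record for a certificate
# file: type, file name, size in bytes, public key field, number of hash
# values, then the openssl x509 details (hashes, serial, dates, fingerprint,
# subject, issuer) joined with ';'.
# The record is printed through a fixed '%s' format: file names and
# certificate fields are data and must never be used as the printf format,
# where a '%' or a backslash in them would be interpreted.
pki_guess_certificate () {
	local header fsize buffer_pubkey buffer_rest hashopts hashnum certcount
	fsize=$( wc -c "${1}" | ${sed_equivalent_cmd} 's:^ *([0-9]+) .*$:\1:' )

	# opensslmajor is set by acquire_syslog_pki_info(); with a major version
	# above 0 both the new and the old subject hash are requested.
	if [ "${opensslmajor}" -gt 0 ]; then
		hashopts="-subject_hash -subject_hash_old"
		hashnum="2;"
	else
		hashopts="-hash"
		hashnum="1;"
	fi

	certcount=$( pki_count_certificates "${1}" )
	if [ "${certcount}" -gt 1 ]; then
		header="STACKED_CERTIFICATE(${certcount});${1};"
	else
		header="CERTIFICATE;${1};"
	fi
	buffer_pubkey=$( ${opensslcmd} x509 -in "${1}" -text -noout  2>/dev/null | pki_parse_public_key )
	buffer_rest=$( ${opensslcmd} x509 -in "${1}" -noout ${hashopts} -serial -dates -fingerprint -subject -issuer | tr '\n' ';' )
	printf '%s' "${header}${fsize};${buffer_pubkey}${hashnum}${buffer_rest}"
}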

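# pki_guess_private_key FILE: print one CSV-like record for a private key
# file: type (encrypted / RSA / DSA / EC / unknown), file name, size in bytes
# and the public key field derived from it.
# The openssl text dump of the key is piped straight into
# pki_parse_public_key and never stored.
# The record is printed through a fixed '%s' format: the file name is data
# and must never be used as the printf format, where a '%' or a backslash in
# it would be interpreted.
pki_guess_private_key () {
	local header fsize buffer_pubkey buffer_error
	fsize=$( wc -c "${1}" | ${sed_equivalent_cmd} 's:^ *([0-9]+) .*$:\1:' )

	if pki_is_encrypted "${1}"; then
		# No attempt is made to read an encrypted key.
		header="PRIVATE_ENCRYPTED;${1};"
	else
		if pki_is_rsa "${1}"; then
			header="PRIVATE_RSA;${1};"
			buffer_pubkey=$( ${opensslcmd} rsa -in "${1}" -noout -text 2>/dev/null | pki_parse_public_key )
		elif pki_is_dsa "${1}"; then
			header="PRIVATE_DSA;${1};"
			buffer_pubkey=$( ${opensslcmd} dsa -in "${1}" -noout -text 2>/dev/null | pki_parse_public_key )
		elif pki_is_ecdsa "${1}"; then
			header="PRIVATE_EC;${1};"
			# First run: capture stderr only, to find out whether this
			# openssl can handle EC keys at all.
			buffer_error=$( ${opensslcmd} ec -in "${1}" -noout -text 2>&1 >/dev/null )
			if echo "${buffer_error}" | ${grepq} "'ec' is an invalid command"; then
				buffer_pubkey="NO_ECDSA_SUPPORT_IN_OPENSSL;"
			elif echo "${buffer_error}" | $grepq "unable to load"; then
				buffer_pubkey="OPENSSL_TOO_OLD;"
			else
				buffer_pubkey=$( ${opensslcmd} ec -in "${1}" -noout -text 2>/dev/null | pki_parse_public_key )
			fi
		else
			header="UNKNOWN_PRIVATE;${1};"
			buffer_pubkey=";"
		fi
	fi
	printf '%s' "${header}${fsize};${buffer_pubkey}"
}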

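# pki_guess_public_key FILE: print one CSV-like record for a public key file:
# type, file name, size in bytes and the public key field.
# With an OpenSSL major version above 0 the generic "pkey" command is used;
# otherwise rsa, dsa and ec are tried in turn, each time looking at the error
# text first to decide whether the next algorithm has to be tried.
# The record is printed through a fixed '%s' format: the file name is data
# and must never be used as the printf format, where a '%' or a backslash in
# it would be interpreted.
pki_guess_public_key () {
	# Public keys do not have their type in the PEM header/footer

	local header fsize buffer_pubkey buffer_error
	header="PUBLIC;${1};"
	fsize=$( wc -c "${1}" | ${sed_equivalent_cmd} 's:^ *([0-9]+) .*$:\1:' )

	if [ "${opensslmajor}" -gt 0 ]; then
		buffer_error=$( ${opensslcmd} pkey -pubin -in "${1}" -noout -text 2>&1 >/dev/null )
		if echo "${buffer_error}" | ${grepq} "unable to load"; then
			header="UNKNOWN_PUBLIC;${1};"
			buffer_pubkey="OPENSSL_TOO_OLD|NO_ECDSA_SUPPORT_IN_OPENSSL;"
		else
			buffer_pubkey=$( ${opensslcmd} pkey -pubin -in "${1}" -noout -text 2>/dev/null | pki_parse_public_key )
		fi
	else
		buffer_error=$( ${opensslcmd} rsa -pubin -in "${1}" -noout -text 2>&1 >/dev/null )
		if echo "${buffer_error}" | ${grepq} "expecting an rsa key"; then
			buffer_error=$( ${opensslcmd} dsa -pubin -in "${1}" -noout -text 2>&1 >/dev/null )
			if echo "${buffer_error}" | ${grepq} "expecting a dsa key"; then
				buffer_error=$( ${opensslcmd} ec -pubin -in "${1}" -noout -text 2>&1 >/dev/null )
				if echo "${buffer_error}" | ${grepq} "expecting a ec key"; then
					header="UNKNOWN_PUBLIC;${1};"
					buffer_pubkey=";"
				elif echo "${buffer_error}" | ${grepq} "'ec' is an invalid command"; then
					header="UNKNOWN_PUBLIC;${1};"
					buffer_pubkey="NO_ECDSA_SUPPORT_IN_OPENSSL;"
				else
					buffer_pubkey=$( ${opensslcmd} ec -pubin -in "${1}" -noout -text 2>/dev/null | pki_parse_public_key )
				fi
			else
				buffer_pubkey=$( ${opensslcmd} dsa -pubin -in "${1}" -noout -text 2>/dev/null | pki_parse_public_key )
			fi
		elif echo "${buffer_error}" | ${grepq} "unable to load"; then
			header="UNKNOWN_PUBLIC;${1};"
			buffer_pubkey="OPENSSL_TOO_OLD|NO_ECDSA_SUPPORT_IN_OPENSSL;"
		else
			buffer_pubkey=$( ${opensslcmd} rsa -pubin -in "${1}" -noout -text 2>/dev/null | pki_parse_public_key )
		fi
	fi
	printf '%s' "${header}${fsize};${buffer_pubkey}"
}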

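# pki_other_file FILE: print the record for a file that is neither a
# certificate nor a key: "OTHER_FILE;<name>;<size in bytes>;".
# The record is printed through a fixed '%s' format: the file name is data
# and must never be used as the printf format, where a '%' or a backslash in
# it would be interpreted.
pki_other_file () {
	local fsize
	fsize=$( wc -c "${1}" | ${sed_equivalent_cmd} 's:^ *([0-9]+) .*$:\1:' )
	printf '%s' "OTHER_FILE;${1};${fsize};"
}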

# pki_process_file FILE: classify FILE (certificate, private key, public key,
# anything else, checked in that order) and print the record produced by the
# matching pki_guess_* / pki_other_file helper, followed by a newline.
pki_process_file () {
	local record

	if pki_is_certificate "${1}"; then
		record=$( pki_guess_certificate "${1}" )
	elif pki_is_private_key "${1}"; then
		record=$( pki_guess_private_key "${1}"  )
	elif pki_is_public_key "${1}"; then
		record=$( pki_guess_public_key "${1}" )
	else
		record=$( pki_other_file "${1}" )
	fi
	echo "${record}"
}

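# acquire_syslog_pki_info: describe every certificate / key file found below
# the configuration directory in syslog.etc.pki.info.csv (one record per
# file, produced by pki_process_file). Skipped when openssl is not installed.
# Returns 1 when the configuration directory cannot be entered; without that
# check the search would run in whatever directory happens to be current.
acquire_syslog_pki_info () {
	printf "Gathering PKI information... "
	if is_available ${opensslcmd}; then
		local OPENSSL OPENSSLVER OPENSSLDAY OPENSSLMONTH OPENSSLYEAR REST FILE
		# The version file is written by acquire_system_info().
		read OPENSSL OPENSSLVER OPENSSLDAY OPENSSLMONTH OPENSSLYEAR REST <"${tmpdir}/sys.openssl.version"
		opensslmajor=${OPENSSLVER%%.*}
		cd "${confdir}" || { printf "could not enter %s.\n" "${confdir}" ; return 1 ; }
		findL . -name '*.0' -o -name '*.1' -o -name '*.key' -o -name '*.crt' -o -name '*.pem' >"${tmpdir}/syslog.etc.pki.files" 2>/dev/null
		# IFS= and -r keep file names with leading blanks or backslashes intact.
		while IFS= read -r FILE; do
			pki_process_file "${FILE}" >>"${tmpdir}/syslog.etc.pki.info.csv"
		done <"${tmpdir}/syslog.etc.pki.files"
		printf "done.\n"
	else
		printf "no openssl found in PATH.\n"
	fi
}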

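# remove_passwords_from_file FILE: replace the values of password(...) and
# token(...) options and the value of "Authorization:" headers in FILE with
# fixed placeholders, rewriting FILE in place.
#
# Limits of the expressions, to keep in mind before sharing a bundle:
#  - sed works line by line, so an option whose value is on a different line
#    than its opening bracket is not matched;
#  - the value pattern stops at the first ')' or quote character, so a value
#    that itself contains ')' or a quote of the other kind is left untouched;
#  - only the option names "password" and "token" and the "Authorization:"
#    header are covered.
#
# When the pipeline produces no output for a non-empty FILE (for example
# because the sed variant rejects the expressions), FILE stays as collected.
# That case is reported, and the empty work file is removed instead of being
# left behind in the bundle.
remove_passwords_from_file () {
	#
	# Double quotes are used because escaping single quotes within a single quoted string is ugly.
	# [ \t\r\n\v\f] class is used for matching whitespaces, because \s is unavailable.
	# The goal is matching substrings that look like this, to replace the password string, and preserve original formatting:
	# password ( 'password-string' ) -->  password ( '___PASSWORD_REMOVED___' )
	###
	${sed_equivalent_cmd} "s|password([ \t\r\n\v\f]*)\(([ \t\r\n\v\f]*)([\"']?)[^)\"']+\3([ \t\r\n\v\f]*)\)|password\1(\2\3___PASSWORD_REMOVED___\3\4)|g" <"${1}" | \
		${sed_equivalent_cmd} "s|token([ \t\r\n\v\f]*)\(([ \t\r\n\v\f]*)([\"']?)[^)\"']+\3([ \t\r\n\v\f]*)\)|token\1(\2\3___AUTH_TOKEN_REMOVED___\3\4)|g" | \
		${sed_equivalent_cmd} "s|Authorization: [^\"']+|Authorization: ___AUTH_TOKEN_REMOVED___|g" >"${1}.bak"

	if [ -s "${1}.bak" ]; then
		mv "${1}.bak" "${1}"
	else
		rm -f "${1}.bak"
		if [ -s "${1}" ]; then
			printf 'WARNING: could not sanitize %s, passwords in it have NOT been removed\n' "${1}"
		fi
	fi
}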

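# acquire_syslog_config: copy the configuration directory and the SCL
# directories into the bundle.
#
# Unless -K was given (saveprivatekeys), files are left out when their name
# ends in .key, .jks or .keytab, or when their content contains the text
# "PRIVATE KEY"; the names of the omitted files go to
# syslog.etc.files.removed. Every copied *.conf* file is then passed through
# remove_passwords_from_file().
# NOTE(review): both filters work on file name suffix or PEM text. Key
# material in other containers (for example PKCS#12 files or DER encoded
# keys) is matched by neither - confirm whether such files can occur in the
# configuration directory.
#
# If the configuration directory cannot be entered, nothing is copied from
# it; without that check the file list would be taken from whatever directory
# happens to be current. Paths below tmpdir are quoted because tmpdir is
# built from the user-supplied work directory.
acquire_syslog_config () {
	local FILE dir dirname
	echo "Copy configuration files from $confdir"
	mkdir "${tmpdir}/config"
	if cd "${confdir}"; then
		findL . > "${tmpdir}/syslog.etc.files"
		touch "${tmpdir}/syslog.etc.files.removed"

		if [ -z "$saveprivatekeys" ]; then
			grep '\.key$' "${tmpdir}/syslog.etc.files" >> "${tmpdir}/syslog.etc.files.removed"
			grep '\.jks$' "${tmpdir}/syslog.etc.files" >> "${tmpdir}/syslog.etc.files.removed"
			grep '\.keytab$' "${tmpdir}/syslog.etc.files" >> "${tmpdir}/syslog.etc.files.removed"
			# IFS= and -r keep names with blanks or backslashes intact, so
			# the content check looks at the very file that would be copied.
			grep -v '\.key$' "${tmpdir}/syslog.etc.files" | grep -v '\.jks$' | grep -v '\.keytab$' | \
				while IFS= read -r FILE; do
					if pki_is_private_key "${FILE}" 2>/dev/null; then
						echo "${FILE}" >> "${tmpdir}/syslog.etc.files.removed"
					else
						echo "${FILE}"
					fi
				done > "${tmpdir}/syslog.etc.files.saved"
		else
			cp "${tmpdir}/syslog.etc.files" "${tmpdir}/syslog.etc.files.saved"
		fi
		$cpiopdL "${tmpdir}/config" < "${tmpdir}/syslog.etc.files.saved"
	else
		printf "Could not enter %s, no configuration files copied\n" "${confdir}"
	fi

	findL "${tmpdir}/config" -name "*.conf*" | \
		while IFS= read -r FILE; do
			remove_passwords_from_file "${FILE}"
		done

	echo "Copy SCL configuration files"
	mkdir "${tmpdir}/scl"
	for dir in ${absscldirs}; do
		if [ -d "${dir}" ]; then
			cd "${dir}" || continue
			dirname=$( echo "${dir}" | ${sed_equivalent_cmd} 's/\//_/g' )
			mkdir "${tmpdir}/scl/${dirname}"
			findL . | $cpiopdL "${tmpdir}/scl/${dirname}"
		fi
	done
	for dir in ${relscldirs}; do
		if [ -d "${binprefix}/${dir}" ]; then
			cd "${binprefix}/${dir}" || continue
			dirname=$( echo "${binprefix}/${dir}" | ${sed_equivalent_cmd} 's/\//_/g' )
			mkdir "${tmpdir}/scl/${dirname}"
			findL . | $cpiopdL "${tmpdir}/scl/${dirname}"
		fi
	done
}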

# acquire_syslog_pids: find the PIDs that belong to syslog-ng (parent, main
# process, children) and to "wec", and record them in syslog.pids / wec.pid.
# Globals written: sngpid, ppid, sngallpids, wecpid
acquire_syslog_pids () {
	echo 'Old "getsyslogpids":' >${tmpdir}/syslog.pids
	getsyslogpids >>${tmpdir}/syslog.pids
	# Main PID: from the pid file when it is readable, otherwise the first
	# process whose command line matches "syslog-ng ".
	if [ -r "${piddir}/syslog-ng.pid" ]; then
		sngpid=$( cat ${piddir}/syslog-ng.pid )
	else
		# Handle when fhs is "linux"-like
		sngpid=$( $pseao pid,args | grep "[s]yslog-ng " | head -1 | while read PID CMD; do echo $PID; done )
	fi
	ppid=$( getparent $sngpid )
	sngallpids="$( getallchilds $sngpid )"
	echo "SVpid: $ppid SNGpid: $sngpid Chpids: ${sngallpids}" >>${tmpdir}/syslog.pids
	tail -1 ${tmpdir}/syslog.pids
	# With a known parent the list is parent + main + children; otherwise it
	# falls back to whatever getsyslogpids reports.
	if [ -n "$ppid" ]; then
		sngallpids="$ppid $sngpid ${sngallpids}"
	else
		sngallpids="$( getsyslogpids )"
	fi
	# drop out the unneeded white spaces, since that disturb the ps command
	sngallpids=$( echo ${sngallpids} )
	if [ -n "${sngallpids}" ]; then
		# The whole list is handed to ps as one quoted argument.
		printf 'ps -l -f -p "%s"\n' "${sngallpids}" >>${tmpdir}/syslog.pids
		ps -l -f -p "${sngallpids}" >>${tmpdir}/syslog.pids
	fi

	wecpid=$( $pseao pid,args | grep "[w]ec " | while read PID CMD; do echo $PID; done )
	# wec.pid holds the PIDs, or a plain-text notice when none was found.
	[ -n "$wecpid" ] && echo $wecpid >${tmpdir}/wec.pid || echo "No wec was found running." >${tmpdir}/wec.pid

	# Service status before collection; debun_final() stores the matching
	# svc.post at the end of the run.
	[ -n "$service_status" ] && $service_status >${tmpdir}/svc.pre
}

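# acquire_syslog_stats: take one statistics sample: "syslog-ng-ctl stats"
# and "syslog-ng-ctl query get *" (or "syslog-ng-query sum *" when that binary
# is executable). File names carry the timestamp of the sample.
# Paths are quoted: tmpdir is built from the user-supplied work directory,
# and a quoted test also treats an empty syslogngquerybin as "not there"
# instead of evaluating to true.
acquire_syslog_stats () {
	local tsdata
	tsdata=$( timestamp )
	#handy-dandy delay magic, triggered when we'd step on our own foot
	[ -f "${tmpdir}/syslog.stats.${tsdata}" ] && sleep 5 && tsdata=$( timestamp )

	${syslogngctlbin} stats > "${tmpdir}/syslog.stats.${tsdata}" 2>&1
	echo "${syslogngctlbin}" stats
	tsdata=$( timestamp )
	${syslogngctlbin} query get "*" > "${tmpdir}/syslog.query.all.${tsdata}" 2>/dev/null
	echo "${syslogngctlbin}" query get "*"
	if [ -x "${syslogngquerybin}" ]; then
		#if we reach this brach, then syslog.query.all - as generated above - will not contain any meaningful data
		rm "${tmpdir}/syslog.query.all.${tsdata}"
		tsdata=$( timestamp )
		${syslogngquerybin} sum "*" > "${tmpdir}/syslog.query.all.${tsdata}" 2>/dev/null
		echo "${syslogngquerybin}" sum "*"
	fi
}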

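# acquire_syslog_info: version, license and credential status of syslog-ng,
# open files and limits of its processes, and the preprocessed configuration
# (passed through remove_passwords_from_file()).
# Paths below tmpdir are quoted because tmpdir is built from the
# user-supplied work directory.
acquire_syslog_info () {
	local i
	ls -la "${binprefix}" > "${tmpdir}/syslog.lsl.install_dir" 2>&1
	printf "Syslog-ng's exact version: "
	$syslogbin --version > "${tmpdir}/syslog.version"
	head -1 "${tmpdir}/syslog.version"

	# stdout is redirected first so that "2>&1" sends stderr into the same
	# file; in the opposite order stderr would stay on the log.
	[ -x "${binprefix}/sbin/wec" ] && "${binprefix}/sbin/wec" -v > "${tmpdir}/wec.version" 2>&1

	if [ -z "$debug_mode" ]; then
		acquire_syslog_stats
	fi

	if ${syslogngctlbin} show-license-info > "${tmpdir}/syslog.license-usage" 2>&1; then
		${syslogngctlbin} show-license-info --json > "${tmpdir}/syslog.license-usage.json" 2>/dev/null
	fi
	echo "${syslogngctlbin}" show-license-info
	${syslogngctlbin} credentials status > "${tmpdir}/syslog.credentials.status" 2>&1
	echo "${syslogngctlbin}" credentials status

	# The fallback text is written only when lsof is really missing. A plain
	# "a && b || c" chain would also write it when lsof is installed but
	# fails for one PID, replacing the result with a misleading message.
	for i in ${sngallpids} ; do
		if is_available ${lsof%% *} ; then
			$lsof $i >"${tmpdir}/syslog.$i.lsof" 2>/dev/null
		else
			no_lsof_fallback $i >"${tmpdir}/syslog.$i.lsof"
		fi
		myplimit $i >"${tmpdir}/syslog.$i.limits"
	done

	if [ -n "$wecpid" ]; then
		while read i; do
			if is_available ${lsof%% *} ; then
				$lsof $i >"${tmpdir}/wec.$i.lsof"
			else
				no_lsof_fallback $i >"${tmpdir}/wec.$i.lsof"
			fi
		done < "${tmpdir}/wec.pid"
	fi

	$syslogbin -s --preprocess-into "${tmpdir}/syslog.pp.conf"
	[ -f "${tmpdir}/syslog.pp.conf" ] && remove_passwords_from_file "${tmpdir}/syslog.pp.conf"
}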

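# acquire_syslog_var: copy the contents of the syslog-ng var directory into
# the bundle. Control sockets (*.ctl) are never copied. When the directory is
# larger than varlimit kilobytes the user is asked for confirmation, and when
# the target filesystem has less free space than the directory needs only the
# persist / state / pid files and reports are taken.
# Globals written: vardu, dir, freek_tmp, ans
# Returns 1 when the var directory cannot be entered; without that check the
# copy would start from whatever directory happens to be current.
# Messages use a fixed printf format with the paths as arguments, and paths
# below tmpdir are quoted (tmpdir is built from the user-supplied work
# directory).
acquire_syslog_var () {
	ls -laR "${vardir}" >"${tmpdir}/syslog.lslR.var" 2>&1

	$duks "${vardir}/" >"${tmpdir}/syslog.duks.var"
	read vardu dir <"${tmpdir}/syslog.duks.var"
	mkdir "${tmpdir}/var"
	cd "${vardir}" || { printf "Could not enter %s, nothing copied from it\n" "${vardir}" ; return 1 ; }

	freek_tmp=$( ${dfk} "${tmpdir}" | dfk_parser )
	#
	# low disk-space => only copy the persist file and the pid file
	###
	if [ "${freek_tmp}" -gt "${vardu}" ] ; then
		if [ "$vardu" -lt "$varlimit" ] ; then
			findL . | grep -v 'run\/syslog-ng.ctl$' | $cpiopdL "${tmpdir}/var"
		else
			printf "Size of %s is larger than %s kilobytes.\n" "${vardir}" "${varlimit}"
			printf "Do you really want to copy all of its contents? Type 'YES' with all capitals: "
			read ans
			if [ "$ans" = "YES" ]; then
				# Same socket filter as in the reduced copies below.
				findL . | grep -v "syslog-ng.*\.ctl" | $cpiopdL "${tmpdir}/var"
			else
				printf "Only copying most important files on user request.\n"
				findL . \( -name "*.persist" -o -name "*.state" -o -name "*.pid" -o -path "*/reports/*" \) | grep -v "syslog-ng.*\.ctl" | $cpiopdL "${tmpdir}/var"
			fi
		fi
	else
		printf "TOO LOW free disk space on the filesystem holding %s\n" "${tmpdir}"
		printf "to create a full copy of %s!\nOnly copying most important files.\n" "${vardir}"
		findL . \( -name "*.persist" -o -name "*.state" -o -name "*.pid" -o -path "*/reports/*" \) | grep -v "syslog-ng.*\.ctl" | $cpiopdL "${tmpdir}/var"
	fi
}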

# format_ldd_output: read ldd output on stdin and print, one per line, the
# library paths that exist as regular files.
format_ldd_output () {
	while read x ; do
		# Drop everything before the first '/':
		#   "libsyslog-ng-5.0.5.so => /opt/syslog-ng/lib/libsyslog-ng-5.0.5.so (0x00007f9b42990000)"
		#   becomes "/opt/syslog-ng/lib/libsyslog-ng-5.0.5.so (0x00007f9b42990000)"
		x="/${x#*/}"
		# Drop the load address:
		#   "/opt/syslog-ng/lib/libsyslog-ng-6.0.2.so (0x00007f034c8c0000)"
		#   becomes "/opt/syslog-ng/lib/libsyslog-ng-6.0.2.so"
		x="${x%% (*}"
		# AIX prints the archive member without a separating blank:
		#   "/opt/syslog-ng/lib/libsyslog-ng.a(libsyslog-ng-5.0.14.so)"
		#   becomes "/opt/syslog-ng/lib/libsyslog-ng.a"
		x="${x%%(*}"
		[ "${x}" != "/ " ] \
			&& [ -f "${x}" ] \
			&& echo "$x"
	done
}


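# acquire_syslog_ldinfo: list the shared libraries of the syslog-ng binary
# (syslog.ldd, syslog.ldfiles), the packages that own them (syslog.ldpkg) and
# the status of those packages (syslog.ldinfos).
# Paths below tmpdir are quoted because tmpdir is built from the
# user-supplied work directory.
acquire_syslog_ldinfo () {
	$lddcmd $syslogrealbin |grep -v needs >"${tmpdir}/syslog.ldd"
	format_ldd_output <"${tmpdir}/syslog.ldd" >"${tmpdir}/syslog.ldfiles"
	for i in $( cat "${tmpdir}/syslog.ldfiles" ) ; do
		distpkgoffile $i >>"${tmpdir}/syslog.ldpkg"
	done
	distpkgoffile_cleanup
	# De-duplicate the package list before querying each package once.
	sort <"${tmpdir}/syslog.ldpkg" | uniq >"${tmpdir}/syslog.ldpkg.u"
	mv "${tmpdir}/syslog.ldpkg.u" "${tmpdir}/syslog.ldpkg"
	for i in $( cat "${tmpdir}/syslog.ldpkg" ) ; do
		distpkgstatus $i >>"${tmpdir}/syslog.ldinfos"
	done
}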

# acquire_syslog_startup_method: collect the start-up definition of the
# service with the collector that matches the init system (systemd when
# /run/systemd/system exists, else SMF when /lib/svc/method exists, else the
# init script), then copy any /etc/default and /etc/sysconfig files whose
# name starts with "syslog-ng".
acquire_syslog_startup_method () {
	local collector=acquire_syslog_startup_initscript
	local envfile
	printf "Detecting init system: "
	# Later checks override earlier ones, so systemd wins over SMF.
	[ -d "/lib/svc/method" ] && collector=acquire_syslog_startup_smf
	[ -d "/run/systemd/system" ] && collector=acquire_syslog_startup_systemdunit
	${collector}
	for envfile in /etc/default/syslog-ng* ; do
		[ -f "${envfile}" ] && cp "${envfile}" "${tmpdir}/sys.startup.default.${envfile##*/}"
	done
	for envfile in /etc/sysconfig/syslog-ng* ; do
		[ -f "${envfile}" ] && cp "${envfile}" "${tmpdir}/sys.startup.sysconfig.${envfile##*/}"
	done
}

# acquire_syslog_startup_initscript: copy the init script named by "initfile"
# into the bundle with mode 0660, or report "none." when initfile is empty.
acquire_syslog_startup_initscript () {
	local copy="${tmpdir}/sys.startup.init.syslog-ng"
	if [ -z "${initfile}" ]; then
		printf "none.\n"
		return
	fi
	printf "falling back to SystemV init style...\n"
	cp "${initfile}" "${copy}"
	chmod 0660 "${copy}"
}

# acquire_syslog_startup_systemdunit: list the systemd service units whose
# line contains "syslog" (skipping not-found and masked ones), store that
# list in sys.startup.systemd-instances, and copy the unit file of each
# listed service into the bundle.
acquire_syslog_startup_systemdunit () {
	printf "systemd detected...\n"
	# Pipeline stages:
	#  1. list services, keep syslog-related ones, save the list via tee;
	#  2. per service, ask systemd for FragmentPath and strip the
	#     "FragmentPath=" prefix, leaving the unit file path;
	#  3. per path, copy the file; the target name is the path with every
	#     '/' turned into '.'.
	# NOTE(review): a unit without a FragmentPath yields an empty line here,
	# which reaches cp as an empty source name - confirm this is acceptable.
	systemctl list-units --type=service --plain --no-legend --no-pager --all | grep syslog | grep -vE '(not-found|masked)' | tee "${tmpdir}/sys.startup.systemd-instances" | \
		while read SERVICE LOAD ACTIVE SUB DESCRIPTION ; do output_buffer=$( systemctl show -p FragmentPath ${SERVICE} ) ; echo "${output_buffer##FragmentPath=}" ; done | \
		while read UNITFILE; do SUFFIX=$( echo "${UNITFILE}" | tr / . ); cp "${UNITFILE}" "${tmpdir}/sys.startup.systemd-service${SUFFIX}" ; done
}

# acquire_syslog_startup_smf: copy the Solaris SMF method script (stored with
# mode 0660) and manifest of syslog-ng, and list the matching service
# instances.
acquire_syslog_startup_smf () {
	local method_copy="${tmpdir}/sys.startup.svc-method.syslog-ng"
	local manifest_copy="${tmpdir}/sys.startup.svc-manifest.syslog-ng.xml"
	printf "Solaris SMF detected...\n"
	cp "/lib/svc/method/syslog-ng" "${method_copy}"
	chmod 0660 "${method_copy}"
	cp "/var/svc/manifest/system/syslog-ng.xml" "${manifest_copy}"
	svcs -H system/syslog* >"${tmpdir}/sys.startup.svc-instances"
}

# acquire_syslog_all: full syslog-ng specific collection. Compared with
# acquire_syslog_nprv() it additionally copies the configuration directory,
# the PKI summary and the var directory.
acquire_syslog_all () {
	local step
	printf "\nStart Syslog-specific info collection\n"
	for step in \
		acquire_syslog_config \
		acquire_running_syslog_config \
		acquire_syslog_pki_info \
		acquire_syslog_pids \
		acquire_syslog_info \
		acquire_syslog_var \
		acquire_syslog_ldinfo \
		acquire_syslog_startup_method
	do
		${step}
	done
}

# acquire_syslog_nprv: light syslog-ng specific collection. It skips the copy
# of the configuration directory, the PKI summary and the var directory that
# acquire_syslog_all() performs.
acquire_syslog_nprv () {
	local step
	printf "\nStart Syslog-specific info collection (light)\n"
	for step in \
		acquire_running_syslog_config \
		acquire_syslog_pids \
		acquire_syslog_info \
		acquire_syslog_ldinfo \
		acquire_syslog_startup_method
	do
		${step}
	done
}

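# acquire_running_syslog_config: when "syslog-ng-ctl config" works, store the
# preprocessed running configuration and sanitize it.
# The sanitizing step is unconditional, as it is for the copied configuration
# files and for syslog.pp.conf: -K is documented as including private key
# files, not as keeping passwords and tokens in configuration text.
acquire_running_syslog_config() {
	if ${syslogngctlbin} config >/dev/null 2>&1; then
		${syslogngctlbin} config -p > "${tmpdir}/syslog-ng.ctl.running.conf" 2>&1
		remove_passwords_from_file "${tmpdir}/syslog-ng.ctl.running.conf"
	fi
}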

# fhs_set_linux: point the path variables at a system-wide installation
# (/etc/syslog-ng, /var/lib/syslog-ng, /usr/sbin) instead of the locations
# below binprefix.
fhs_set_linux () {
	local sbin=/usr/sbin
	local state=/var/lib/syslog-ng
	confdir=/etc/syslog-ng
	vardir=${state}
	piddir=${state}
	syslogbin=${sbin}/syslog-ng
	syslogrealbin=${sbin}/syslog-ng
	syslogngctlbin=${sbin}/syslog-ng-ctl
	syslogngquerybin=${sbin}/syslog-ng-query
}

# fhs_set_unix: counterpart of fhs_set_linux() that changes nothing, so the
# paths derived from binprefix stay in effect.
fhs_set_unix () {
	return 0
}

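# rpm_verify PKG...: for every installed package among the arguments run
# "rpm -V" and report when its files are intact.
# Returns 0 when at least one of the packages is installed, 1 otherwise.
# The counter uses POSIX arithmetic expansion: "((found+=1))" is a bash
# extension, and this script may keep running under a plain sh that only has
# "local", where the counter would stay 0 and every call would report that no
# package was found.
rpm_verify () {
	local found=0
	local pkg
	for pkg in "${@}"; do
		if rpm -q "${pkg}" ; then
			rpm -V "${pkg}" && echo "${pkg}: Package files are intact"
			found=$((found + 1))
		fi
	done
	[ "${found}" -gt 0 ]
}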

### Here comes the linux & distro specific parts

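# debun_extra_debian: verify the files of every installed syslog-ng* package
# and store the list of syslog-related packages in deb.packages.
# Only lines whose status column is "ii" are taken; matching "ii" anywhere in
# the line would also pick up packages in another state whose description
# happens to contain those letters. Package names are passed to printf as
# arguments, and the output path is quoted (tmpdir is built from the
# user-supplied work directory).
debun_extra_debian () {
	local package
	printf "\nDebian specific checks\n"
	printf "Check package files integrity\n"
	cd /
	for package in $(dpkg -l syslog-ng\* | grep '^ii' | awk -F " " '{print $2}')
	do
		dpkg --verify "${package}" && printf "Package %s files are intact\n" "${package}"
	done
	printf "list syslog-related packages\n"
	dpkg -l |grep syslog > "${tmpdir}/deb.packages"
}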

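# debun_extra_redhat: verify the syslog-ng premium edition RPM packages and
# store the list of syslog-related packages in rpm.packages.
# The output path is quoted because tmpdir is built from the user-supplied
# work directory.
debun_extra_redhat () {
	printf "\nRedhat specific checks\n"
	printf "Check package files integrity\n"
	rpm_verify syslog-ng-premium-edition syslog-ng-premium-edition-client syslog-ng-premium-edition-compact || \
		printf "No syslog-ng RPM packages have been found!\n"
	printf "list syslog-related packages\n"
	rpm -qa |grep syslog > "${tmpdir}/rpm.packages"
}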

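# debun_extra_slackware: store the names of the package records under
# /var/log/packages that match "*sys*log*" in pkg.packages.
# The output path is quoted because tmpdir is built from the user-supplied
# work directory.
debun_extra_slackware () {
	local FILE
	printf "\nSlackware Linux specific checks\n"
	printf "list syslog-related packages\n"
	find /var/log/packages -name "*sys*log*" | while read -r FILE; do echo "${FILE##*/}"; done > "${tmpdir}/pkg.packages"
}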

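# debun_extra_suse: verify the syslog-ng premium edition RPM packages, store
# the list of syslog-related packages and, outside light mode, two netstat
# views taken with netstat itself.
# Output paths are quoted because tmpdir is built from the user-supplied work
# directory.
debun_extra_suse() {
	printf "\nSuSE specific checks\n"
	printf "Check package files integrity\n"
	rpm_verify syslog-ng-premium-edition syslog-ng-premium-edition-client syslog-ng-premium-edition-compact || \
		printf "No syslog-ng RPM packages have been found!\n"
	printf "list syslog-related packages\n"
	rpm -qa | grep syslog > "${tmpdir}/rpm.packages"
	#on opensuse "ss utility, iproute2-ss071016" crashes when run with the -punt CLI options
	if is_available netstat; then
		#this info should only be collected if the user has not requested privacy mode
		#we value our customer's sense of privacy
		if [ -z "$privacy_mode" ]; then
			netstat -punt >"${tmpdir}/sys.netstat.est.noss"
			netstat -pn >"${tmpdir}/sys.netstat.pn.noss"
		fi
	fi

}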

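# debun_extra_genlinux: Linux-wide extras: SELinux state, CPU / disk activity
# samples and a per-thread top snapshot; outside light mode also hardware and
# kernel parameter details (dmidecode, lspci, sysctl, cpuinfo).
# Output paths are quoted because tmpdir is built from the user-supplied work
# directory.
debun_extra_genlinux () {
	if is_available getenforce; then
		getenforce >"${tmpdir}/sys.selinux"
		if ${grepq} Enforcing "${tmpdir}/sys.selinux"; then
			echo "SELinux is in Enforcing mode! If you encounter any problems with debug bundle collection, consider temporarily switching to Permissive mode!"
		fi
		# pscmd with a trailing "Z" appended to its option string
		${pscmd}Z >"${tmpdir}/sys.ps.selinux"
		semodule -l >"${tmpdir}/sys.selinux.modules"
	else
		echo "No getenforce in path." >"${tmpdir}/sys.selinux"
	fi

	if is_available sysstat ; then
		sysstat -P ALL 1 5 >"${tmpdir}/sys.sar.cpu"
		sysstat -d 1 5 >"${tmpdir}/sys.sar.disk"
	elif is_available sar ; then
		sar -P ALL 1 5 >"${tmpdir}/sys.sar.cpu"
		sar -d 1 5 >"${tmpdir}/sys.sar.disk"
	fi
	if is_available top; then
		top -b -H -n 1 -c >"${tmpdir}/sys.top.threads"
	fi

	# Everything below is skipped in light (-l) mode.
	[ -n "$privacy_mode" ] && return
	if is_available dmidecode; then
		dmidecode >"${tmpdir}/sys.dmidecode"
	fi

	if is_available lspci; then
		lspci >"${tmpdir}/sys.lspci"
	else
		echo "No lspci in path." >"${tmpdir}/sys.lspci"
	fi
	sysctl -a >"${tmpdir}/sys.sysctl.all" 2>/dev/null
	cp /proc/cpuinfo "${tmpdir}/sys.cpuinfo"
}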

# Queue the Linux collectors: one distribution-specific extra chosen from
# ${dist} (if the distribution is recognised) followed by the generic one.
# Globals:   dist (read)
# Calls:     add_extra (defined outside this section)
# Outputs:   a notice on stdout when the distribution is not recognised
debun_linux () {
	local distro_extra=""

	case "${dist}" in
		"Debian"|"Ubuntu")
			distro_extra=debun_extra_debian ;;
		"CentOS"|"RedHatEnterprise"|"RedHatEnterpriseServer"|"RHEL"|"OracleServer"|"EnterpriseEnterpriseServer")
			distro_extra=debun_extra_redhat ;;
		"SUSE LINUX")
			distro_extra=debun_extra_suse ;;
		"Slackware")
			distro_extra=debun_extra_slackware ;;
		*)
			echo "Unknown Distro, perhaps unsupported" ;;
	esac

	if [ -n "${distro_extra}" ]; then
		add_extra "${distro_extra}"
	fi
	# The generic collector is queued last, whatever the distribution.
	add_extra debun_extra_genlinux
}

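# Solaris diagnostics: kernel definitions and statistics, release file,
# optional showrev/sar/top output and the platform prtdiag report.
# Globals:   tmpdir (read)
# Calls:     is_available (defined outside this section)
# Outputs:   sys.* files under ${tmpdir}
# Returns:   status of the final prtdiag test/command (non-zero when the
#            platform has no executable prtdiag)
debun_extra_gensolaris () {
	local prtdiag

	sysdef >"${tmpdir}/sys.sysdef"
	kstat >"${tmpdir}/sys.kstat"
	cp /etc/release "${tmpdir}/sys.release"
	if is_available showrev ; then
		showrev >"${tmpdir}/sys.showrev"
	fi
	if is_available sar ; then
		sar -u 1 5 >"${tmpdir}/sys.sar.cpu"
		sar -d 1 5 >"${tmpdir}/sys.sar.disk"
	fi
	if is_available top; then
		top -b -t -n 1 -c >"${tmpdir}/sys.top.threads"
	fi
	# The platform name is resolved once and the path is used quoted.
	prtdiag="/usr/platform/$( uname -i )/sbin/prtdiag"
	# ">file 2>&1" instead of "&>file": the file starts with #!/bin/sh, and a
	# POSIX shell reads "cmd &>file" as "run cmd in the background, then
	# truncate file", which would leave an empty report.
	[ -x "${prtdiag}" ] && "${prtdiag}" -v >"${tmpdir}/sys.prtdiag" 2>&1
}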

### Solaris-specific parts follow
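# Queue the Solaris collector and record the syslog-related packages.
# Globals:   tmpdir (read)
# Calls:     add_extra (defined outside this section)
# Outputs:   writes ${tmpdir}/pkg.packages
debun_solaris () {
	add_extra debun_extra_gensolaris

	# Quoted redirect target: a staging path with whitespace must not split.
	pkginfo | grep -i syslog > "${tmpdir}/pkg.packages"
}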

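# FreeBSD diagnostics: one batch-mode, per-thread top snapshot.
# Globals:   tmpdir (read)
# Calls:     is_available (defined outside this section)
# Outputs:   writes ${tmpdir}/sys.top.threads when top is available
debun_extra_freebsd() {
	if is_available top; then
		# Quoted redirect target: a staging path with whitespace must not split.
		top -b -d1 -H >"${tmpdir}/sys.top.threads"
	fi
}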

# FreeBSD entry point: queues the FreeBSD-specific collector.
# Calls:     add_extra (defined outside this section)
debun_freebsd() {
	add_extra "debun_extra_freebsd"
}

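# HP-UX diagnostics: kernel definitions, installed software list and,
# when sar is available, CPU and disk activity samples.
# Globals:   tmpdir (read)
# Calls:     is_available (defined outside this section)
# Outputs:   sys.* files under ${tmpdir}
debun_extra_hpux () {
	# Redirect targets are quoted so a staging path with whitespace cannot
	# split them.
	sysdef >"${tmpdir}/sys.sysdef"
	swlist >"${tmpdir}/sys.swlist"

	if is_available sar ; then
		sar -u 1 5 >"${tmpdir}/sys.sar.cpu"
		sar -d 1 5 >"${tmpdir}/sys.sar.disk"
	fi
}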

# HP-UX entry point: queues the HP-UX-specific collector.
# Calls:     add_extra (defined outside this section)
debun_hpux () {
	add_extra "debun_extra_hpux"
}

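# AIX diagnostics: console log, OS level information and, when sar is
# available, CPU and buffer activity samples.
# Globals:   tmpdir (read)
# Calls:     is_available (defined outside this section)
# Outputs:   sys.* files under ${tmpdir}
debun_extra_aix () {
	alog -o -t console >"${tmpdir}/sys.console-log"
	oslevel -s >"${tmpdir}/sys.aix.oslevel-s"
	oslevel -sq >"${tmpdir}/sys.aix.oslevel-sq"

	if is_available sar ; then
		sar -u 1 5 >"${tmpdir}/sys.sar.cpu" 2>/dev/null
		# stderr goes to /dev/null. The earlier target "/dev/null1" made the
		# redirect fail for unprivileged users (so sar never ran) and left a
		# stray regular file in /dev when run as root.
		sar -b 1 5 >"${tmpdir}/sys.sar.disk" 2>/dev/null
	fi
}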

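# AIX entry point: queues the AIX collector, checks package integrity and
# records the syslog-related RPMs.
# Globals:   tmpdir (read)
# Calls:     add_extra, rpm_verify (defined outside this section)
# Outputs:   progress text on stdout; writes ${tmpdir}/rpm.packages
debun_aix () {
	add_extra debun_extra_aix

	echo "Check package files integrity"
	rpm_verify syslog-ng-premium-edition syslog-ng-premium-edition-client syslog-ng-premium-edition-compact || \
		echo "No syslog-ng RPM packages have been found!"
	echo "list syslog-related packages"
	# Quoted redirect target: a staging path with whitespace must not split.
	rpm -qa | grep syslog > "${tmpdir}/rpm.packages"
}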

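# Identify the Linux distribution and keep the evidence in the bundle.
# lsb_release, when present, supplies a first value for ${dist}; a readable
# distribution release file then overrides it with a fixed family name.
# Globals:   tmpdir (read), dist (written)
# Calls:     is_available (defined outside this section)
# Outputs:   lsb_release report and a notice for unknown distributions on
#            stdout; sys.linux.* files under ${tmpdir}
detect_env_linux () {
	if is_available lsb_release ; then
		lsb_release -a | tee "${tmpdir}/sys.linux.lsb-all"
		dist=$( lsb_release -si )
	fi
	# Redirect targets are quoted so a staging path with whitespace cannot
	# split them.
	if [ -r /etc/debian_version ]; then
		cat /etc/debian_version >"${tmpdir}/sys.linux.os-release"
		dist="Debian"
	elif [ -r /etc/redhat-release ]; then
		cat /etc/redhat-release >"${tmpdir}/sys.linux.os-release"
		dist="RHEL"
	elif [ -r /etc/slackware-version ]; then
		cat /etc/slackware-version >"${tmpdir}/sys.linux.os-release"
		dist="Slackware"
	elif [ -r /etc/SuSE-release ]; then
		cat /etc/SuSE-release >"${tmpdir}/sys.linux.os-release"
		dist="SUSE LINUX"
	else
		echo "Unknown or unsupported Linux distribution!"
		# Best effort: keep whatever release/version files exist; ${dist} is
		# left as it was.
		cat /etc/*release /etc/*version >"${tmpdir}/sys.linux.os-release" 2>/dev/null
	fi
}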

# Detect the syslog-ng installation layout and the operating system.
# Globals:   syslogfhs, os (written); confdir (written only when no
#            syslog-ng layout is found)
# Calls:     detect_env_linux when uname reports Linux
# Outputs:   progress text on stdout
detect_env () {
	echo "Start environment detection"

	###
	### Detecting syslog-ng ver: ose or pe
	###
	syslogfhs=unknown
	if [ -x /opt/syslog-ng/bin/loggen ] ; then
		syslogfhs=unix
	elif [ -d /etc/syslog-ng/ ]; then
		syslogfhs=linux
	fi

	case "${syslogfhs}" in
		unix)
			echo "Unix-like FHS detected"
			;;
		linux)
			echo "Linux-type FHS detected"
			;;
		*)
			# No known layout: point confdir at a path that does not exist.
			confdir=/nonexistent
			echo "No syslog-ng detected"
			;;
	esac

	os=$( uname -s )
	case "$os" in
		Linux) detect_env_linux ;;
	esac
}

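# Install the Debian/Ubuntu implementations of the package helpers.
# Defines:   distpkgoffile <path>  - prints the package owning <path>
#            distpkgstatus <pkg>   - prints dpkg status for <pkg>
setup_env_debian () {
	unset -f distpkgoffile
	unset -f distpkgstatus
	distpkgoffile () {
		local x
		# The path is passed as a single quoted argument, so whitespace or glob
		# characters in it are not expanded by the shell. The first output line
		# is read straight from the pipe; no scratch file with a predictable
		# name is created any more.
		dpkg -S "$1" | {
			read -r x
			# "pkg: /path" -> "pkg"
			echo "${x%: /*}"
		}
	}
	distpkgstatus () {
		echo "@@@Package info for: ${1}"
		dpkg -s "${1}"
		echo ""
	}
}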

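# Install the Red Hat family implementations of the package helpers.
# Defines:   distpkgoffile <path>  - prints the package owning <path>
#            distpkgstatus <pkg>   - prints rpm information for <pkg>
setup_env_redhat () {
	unset -f distpkgoffile
	unset -f distpkgstatus
	distpkgoffile () {
		local x
		# The path is passed as a single quoted argument, so whitespace or glob
		# characters in it are not expanded by the shell. The first output line
		# is read straight from the pipe; no scratch file with a predictable
		# name is created any more.
		rpm -qf "$1" | {
			read -r x
			echo "$x"
		}
	}
	distpkgstatus () {
		echo "@@@Package info for: ${1}"
		rpm -qi "${1}"
		echo ""
	}
}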

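# Install the SuSE implementations of the package helpers.
# Defines:   distpkgoffile <path>  - prints the package owning <path>
#            distpkgstatus <pkg>   - prints rpm information for <pkg>
setup_env_suse  () {
	unset -f distpkgoffile
	unset -f distpkgstatus
	distpkgoffile () {
		local x
		# The path is passed as a single quoted argument, so whitespace or glob
		# characters in it are not expanded by the shell. The first output line
		# is read straight from the pipe; no scratch file with a predictable
		# name is created any more.
		rpm -qf "$1" | {
			read -r x
			echo "$x"
		}
	}
	distpkgstatus () {
		echo "@@@Package info for: ${1}"
		rpm -qi "$1"
		echo ""
	}
}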

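# Slackware setup: service control commands, pid directory and package
# helpers that read the package logs under /var/log/packages.
# Globals:   initfile, service_start, service_stop (written); piddir
#            (written when /var/run/syslog-ng.pid exists); service_status
#            (unset)
# Defines:   distpkgoffile <path>  - prints the package log name(s) that
#                                    list <path>
#            distpkgstatus <pkg>   - prints the header part of matching
#                                    package logs
setup_env_slackware  () {
	initfile="/etc/rc.d/rc.syslog"
	service_start="${initfile} start"
	service_stop="${initfile} stop"

	if [ -f "/var/run/syslog-ng.pid" ]; then
		piddir="/var/run"
	fi

	unset service_status
	unset -f distpkgoffile
	unset -f distpkgstatus

	distpkgoffile () {
		local LINKTARGET
		local PKGLOGFILENAMES
		local SEARCHSTRING
		PKGLOGFILE=
		LINKTARGET=$( readlink -f "${1}" 2>/dev/null )
		# Package logs list paths without the leading slash.
		SEARCHSTRING="${LINKTARGET##/}"
		# An unresolvable path would otherwise match every empty line in the
		# package logs, so the search is skipped for it.
		if [ -n "${SEARCHSTRING}" ]; then
			# -F -x matches the path as a literal whole line. Used as a regular
			# expression, names such as "libstdc++.so.6" matched the wrong lines
			# or nothing at all.
			PKGLOGFILENAMES=$( \
				( grep -r -m 1 -F -x -e "${SEARCHSTRING}" /var/log/packages ; \
					[ "${SEARCHSTRING%%/*}" = "lib" ] && grep -r -m 1 -F -x -e "lib/incoming/${SEARCHSTRING#*/}" /var/log/packages ; \
					[ "${SEARCHSTRING%%/*}" = "lib64" ] && grep -r -m 1 -F -x -e "lib64/incoming/${SEARCHSTRING#*/}" /var/log/packages ) | \
				while read -r RESULT; do
					# "logfile:matched line" -> basename of logfile
					RESULT="${RESULT%%:*}"
					echo "${RESULT##*/}"
				done )
		fi
		if [ -n "${PKGLOGFILENAMES}" ]; then
			echo "${PKGLOGFILENAMES}"
		else
			echo "No installed package for '$1' found!" >&2
		fi
	}
	distpkgstatus () {
		local PIVOT
		local LASTLINE
		local PKGINFO
		echo "@@@Package info for: ${1}"
		PKGINFO=$( \
			find /var/log/packages/ -name "${1}*" | \
			while read -r PKGLOGFILE; do
				# Print the log up to, not including, the "FILE LIST:" marker.
				PIVOT=$( grep -F -n "FILE LIST:" "${PKGLOGFILE}" )
				if [ -n "${PIVOT}" ]; then
					LASTLINE=$(( ${PIVOT%%:*} - 1 ))
				else
					# No marker: fall back to the first 16 lines. The earlier
					# arithmetic produced -1 here, so its 16-line default was
					# never reached.
					LASTLINE=16
				fi
				head -n "${LASTLINE}" "${PKGLOGFILE}"
				echo ""
			done )
		if [ -n "${PKGINFO}" ]; then
			echo "${PKGINFO}"
		else
			echo "The package '${1}' is not installed, or does not exist!" >&2
		fi
	}
}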

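# Generic Linux setup: /proc based helpers, systemd service commands and
# the choice of the regex tool.
# Globals:   service_stop, service_start, service_status (written when
#            systemctl is available); sed_equivalent_cmd (written when
#            sed lacks -E)
# Calls:     is_available (defined outside this section)
# Defines:   myplimit <pid>          - prints /proc/<pid>/limits if present
#            no_lsof_fallback <pid>  - lists /proc/<pid>/fd
setup_env_genlinux () {
	unset -f myplimit no_lsof_fallback
	# The argument is kept as one quoted path component in both helpers.
	myplimit () { [ -f "/proc/$1/limits" ] && cat "/proc/$1/limits" ; }
	no_lsof_fallback() { ls -l "/proc/${1}/fd" ; }

	if is_available systemctl ; then
		service_stop="systemctl stop syslog-ng"
		service_start="systemctl start syslog-ng"
		service_status="systemctl status syslog-ng"
	fi

	# sed -E uses extended regexes, and normally works on Linux and BSD, where perl is not present by default.
	# -e and -E patterns use different syntax, but the -E format also works with perl.
	# Older GNU sed versions do not support the -E option, so perl is the only choice in those cases.
	if ! echo "eee" | sed -E 's/eee/fff/g' >/dev/null 2>/dev/null ; then
		sed_equivalent_cmd="perl -p -e"
	fi
}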

# Run the setup routine of the detected distribution (if recognised), then
# the generic Linux setup.
# Globals:   dist (read)
# Outputs:   a notice on stdout when the distribution is not recognised
setup_env_linux () {
	local distro_setup=""

	case "${dist}" in
		"Debian"|"Ubuntu")
			distro_setup=setup_env_debian ;;
		"CentOS"|"RedHatEnterprise"|"RedHatEnterpriseServer"|"RHEL"|"OracleServer"|"EnterpriseEnterpriseServer")
			distro_setup=setup_env_redhat ;;
		"SUSE LINUX")
			distro_setup=setup_env_suse ;;
		"Slackware")
			distro_setup=setup_env_slackware ;;
		*)
			echo "Unknown Distro, perhaps unsupported" ;;
	esac

	if [ -n "${distro_setup}" ]; then
		"${distro_setup}"
	fi
	# Generic setup always runs last.
	setup_env_genlinux
}

# Solaris setup: replaces the default tool command lines and helper
# functions with Solaris equivalents.
# Globals:   dfi, lsof, ipconfig, pscmd, tcpdumpcmd, tcpdumpopts, pcapifparm,
#            trace, netstatsu, grepq, sed_equivalent_cmd (written);
#            service_* (written when svcadm is available); opensslcmd
#            (written when openssl is not in PATH but /usr/sfw/bin/openssl
#            is executable)
# Defines:   is_available, mypidof, getsyslogpids, netstat*, myplimit, free,
#            timestamp, distpkgoffile, distpkgstatus, findL, topcmd,
#            os_hash_helper
setup_env_solaris () {
	dfi="df -o i"
	lsof=pfiles
	ipconfig="ifconfig -a"
	pscmd="ps -eaf"
	tcpdumpcmd="snoop"
	tcpdumpopts="-P -q -o"
	pcapifparm="-d"
	trace="truss -r all -w all -u libc:: -f"
	netstatpunt() { netstat -n ; }
	netstatpn() { netstat -n ; }
	netstatsu="netstat -s"
	grepq="/usr/xpg4/bin/grep -q"
	sed_equivalent_cmd="perl -p -e"

	# Drop the generic helpers before the Solaris versions are defined.
	unset -f mypidof
	unset -f getsyslogpids
	unset -f netstatlunp
	unset -f netstatnlp
	unset -f myplimit
	unset -f topcmd
	unset -f free
	unset -f distpkgoffile
	unset -f distpkgstatus
	unset -f is_available
	unset -f os_hash_helper
	unset -f timestamp
	unset -f findL

	# A tool counts as missing only when the output of which contains
	# "no <name> in"; any other outcome is treated as available.
	is_available () { which "$1" | $grepq "no $1 in" && return 1 || return 0 ; }
	# Prints the pid of every process whose comm field equals $1.
	mypidof () { $pseao pid,comm | while read pid bin ; do [ "$bin" = "$1" ] && echo $pid ; done ; }
	getsyslogpids () { mypidof "${syslogrealbin}" ; }
	netstatnlp () { netstat -na ; }
	netstatlunp () { netstat -P udp -na ; }
	myplimit () { plimit $1 ; }
	free () { prtconf | grep Mem ; printf Pagesize:\  ; pagesize -a ; }
	timestamp () { perl -e 'print time, "\n";' ; }
	# Asks pkgchk which package references the given path. When /lib/64 is a
	# symlink, "lib/64" in the path is first replaced by lib/<link target>.
	# NOTE(review): FILE is not declared local and $FILE is passed unquoted to
	# pkgchk, so a path containing whitespace or glob characters is split or
	# expanded by the shell; quoting it looks safe but is untested here.
	distpkgoffile () {
		FILE="$1"
		if [ -L "/lib/64" ]; then
			FILE=$( perl -sae '$libarch=readlink("/lib/64"); $filename =~ s/lib\/64/lib\/$libarch/; print "$filename\n";' -- -filename="$1" )
		fi
		pkgchk -l -p $FILE | \
		perl -ne 'if ( /^Referenced by the/ ) { $p=1; } elsif (/:/ or /^$/ ) { $p=0; } elsif ($p) { s/^\s+//; print ; } else { print "FAIL:".$_; }'
	}
	distpkgstatus () {
		echo "@@@Package info for: ${1}"
		pkginfo -l $1
		echo ""
	}

	# Use find -L when this find accepts it, otherwise fall back to -follow.
	if find -L /bin >/dev/null 2>&1 ; then
		findL() { find -L "$@" ; }
	else
		findL() { dir="$1"; shift; find "$dir" -follow "$@" ; }
	fi

	# Without top, a comparable report is assembled from uptime, mdb, sar and ps.
	if is_available top; then
		topcmd ()  { top -b -n 1 -c > "${1}" ; }
	else
		topcmd () { ( uptime ; echo ; echo "::memstat" | mdb -k ; sar -u 1 1 ; echo ; ps -eao user,pid,ppid,pcpu,pmem,vsz,rss,tty,s,stime,args | head -n 1; ps -eao user,pid,ppid,pcpu,pmem,vsz,rss,tty,s,stime,args | grep -v COMMAND | sort -rn +3 ) >"${1}" 2>/dev/null ; }
	fi

	# MD5 of every regular file below the current directory, leaving out
	# debun.manifest and syslog-ng.debun.txt. MD5 catches accidental
	# corruption only; it gives no protection against deliberate changes.
	# NOTE(review): in the digest branch the expression runs under
	# "perl -p -e" (set above), where \( \) and \{32\} are literal
	# characters, so the rewrite to "hash  path" form may never match -
	# confirm on a Solaris host.
	if is_available md5sum; then
		os_hash_helper () {
			find . '!' \( -name debun.manifest -o -name syslog-ng.debun.txt \) -type f -print0 | xargs -0 md5sum ;
		}
	elif is_available digest; then
		os_hash_helper () {
			find . '!' \( -name debun.manifest -o -name syslog-ng.debun.txt \) -type f -exec digest -a md5 -v '{}' \; | ${sed_equivalent_cmd} 's:^md5 (\(.*\)) = \([a-z0-9]\{32\}\)$:\2  \1:'
		}
	else
		os_hash_helper () { : ; }
	fi

	if is_available svcadm ; then
		service_stop="svcadm disable system/syslog-ng:default"
		service_start="svcadm enable system/syslog-ng:default"
		service_status="svcs system/syslog-ng:default"
	fi

	# Fall back to the openssl under /usr/sfw when none is found in PATH.
	if is_available ${opensslcmd}; then
		:
	else
		[ -x /usr/sfw/bin/openssl ] && opensslcmd="/usr/sfw/bin/openssl"
	fi
}

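# FreeBSD setup: replaces the default tool command lines and helper
# functions with FreeBSD equivalents.
# Globals:   netstatsu, ipconfig, pseao, trace, initfile, service_stop,
#            service_start, service_status (written); sed_equivalent_cmd
#            (read by os_hash_helper)
# Defines:   netstatpunt, netstatpn, free, netstatnlp, netstatlunp, topcmd,
#            mypidof, getsyslogpids, distpkgoffile, distpkgstatus,
#            os_hash_helper
setup_env_freebsd () {
	netstatpunt() { netstat -n ; }
	netstatpn() { netstat -n ; }
	netstatsu="netstat -s"
	ipconfig="ifconfig -a"
	pseao="ps xao"
	trace="truss -a -d -f -s 256"
	initfile="/etc/rc.d/syslog-ng"
	service_stop="${initfile} stop"
	service_start="${initfile} start"
	service_status="${initfile} status"

	# Drop the generic helpers before the FreeBSD versions are defined.
	unset -f free
	unset -f netstatnlp
	unset -f netstatlunp
	unset -f mypidof
	unset -f topcmd
	unset -f getsyslogpids
	unset -f distpkgoffile
	unset -f distpkgstatus
	unset -f os_hash_helper

	free () { top -bt 0 ; }
	netstatnlp () { sockstat ; }
	netstatlunp () { netstat -na | grep -E "(Internet|Proto|udp)" ; }
	topcmd ()  { top -b -d1 > "${1}" ; }
	# Prints the pid of every process whose comm field equals $1.
	mypidof () { $pseao pid,comm | while read pid bin ; do [ "$bin" = "$1" ] && echo $pid ; done; }
	getsyslogpids () { mypidof syslog-ng ; }
	# Package lookups are not implemented for FreeBSD.
	distpkgoffile () { : ; }
	distpkgstatus () { : ; }
	# MD5 of every regular file below the current directory, leaving out
	# debun.manifest and syslog-ng.debun.txt, rewritten from the
	# "MD5 (path) = hash" form to "hash  path".
	# The expression is written in extended-regex syntax because it runs
	# under "sed -E" or perl: \( \) are the literal parentheses and ( ) the
	# groups. Written in basic-regex syntax it never matched, so the lines
	# passed through unconverted.
	# MD5 catches accidental corruption only; it gives no protection against
	# deliberate changes.
	os_hash_helper () {
		find . '!' \( -name debun.manifest -o -name syslog-ng.debun.txt \) -type f -exec md5 '{}' \; | ${sed_equivalent_cmd} 's:^MD5 \((.*)\) = ([a-z0-9]{32})$:\2  \1:'
	}
}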

# HP-UX setup: replaces the default tool command lines and helper functions
# with HP-UX equivalents.
# Globals:   gzipcmd, lddcmd, trace, netstatsu, ipconfig, pscmd, dfh,
#            initfile, service_stop, service_start, service_status,
#            sed_equivalent_cmd, cpiopdL (written); UNIX95 (exported);
#            tmpdir, grepq, syslogrealbin (read by the helpers)
# Defines:   is_available, free, netstat*, topcmd, dfk_parser, findL,
#            os_hash_helper, mypidof, getsyslogpids, getparent, getchilds,
#            distpkgoffile, distpkgstatus, distpkgoffile_cleanup
setup_env_hpux () {
	gzipcmd="/usr/contrib/bin/gzip -9"
	lddcmd="/usr/ccs/bin/ldd"
	trace="/usr/local/bin/tusc -p -l -u -f"
	netstatsu="netstat -s"
	netstatpunt() { netstat -n ; }
	netstatpn() { netstat -n ; }
	ipconfig="netstat -ni"
	pscmd="ps -eaf"
	dfh="df"
	initfile="/sbin/init.d/syslog-ng"
	service_stop="${initfile} stop"
	service_start="${initfile} start"
	service_status="${initfile} status"
	sed_equivalent_cmd="perl -p -e"
	cpiopdL="cpio -pdh"

	# Drop the generic helpers before the HP-UX versions are defined.
	unset -f free
	unset -f netstatnlp
	unset -f netstatlunp
	unset -f mypidof
	unset -f topcmd
	unset -f os_hash_helper
	unset -f getsyslogpids
	unset -f getparent
	unset -f getchilds
	unset -f is_available
	unset -f dfk_parser
	unset -f distpkgoffile
	unset -f distpkgstatus
	unset -f distpkgoffile_cleanup
	unset -f findL

	# presumably selects the standards-conforming behaviour of HP-UX tools
	# such as ps - TODO confirm
	export UNIX95=1

	# A tool counts as missing only when the output of which contains
	# "no <name> in"; any other outcome is treated as available.
	is_available () { which "$1" | $grepq "no $1 in" && return 1 || return 0 ; }
	free () { swapinfo -tam ; }
	netstatnlp () { netstat -na | grep -E "(Internet|Proto|LISTEN)" ; }
	netstatlunp () { netstat -na | grep -E "(Internet|Proto|udp)" ; }
	topcmd ()  { top -d 1 -f "${1}" ; }
	dfk_parser () { grep free | while read AVAIL REST_TEXT; do echo ${AVAIL}; done }
	findL() { dir="$1"; shift; find "$dir" -follow "$@" ; }
	# MD5 of every regular file below the current directory, leaving out
	# debun.manifest and syslog-ng.debun.txt. MD5 catches accidental
	# corruption only; it gives no protection against deliberate changes.
	os_hash_helper () {
		find . '!' \( -name debun.manifest -o -name syslog-ng.debun.txt \) -type f -exec md5sum '{}' \;
	}
	# Prints the pid of every process whose command name equals $1. When the
	# stime field holds no colon, the command name is taken from the next
	# field instead (presumably because the start time is then printed as
	# two words - TODO confirm).
	mypidof () { ps -e -f | while read uid pid ppid c stime tty time command extra ; do
		if [ "${stime%%:*}" = "${stime}" ]
		then
			[ "${extra%% *}" = "$1" ] && echo $pid
		else
			[ "${command%% *}" = "$1" ] && echo $pid
		fi ; done ; }
	getsyslogpids () { mypidof "${syslogrealbin}" ; }
	# Prints the parent pid of process $1, taken from a ps -ef snapshot.
	# NOTE(review): the snapshot name under ${tmpdir} is predictable
	# (getparent.<shell pid>.txt). That is harmless only if ${tmpdir} is a
	# private directory; its creation is not visible in this section.
	getparent () {
		local self
		local parent
		local ret
		local tmpfile=${tmpdir}/getparent.$$.txt
		ps -ef  >$tmpfile
		while read user pid ppid dummy ; do
			[ "$1" = "$pid" ] || continue
			ret=$ppid
		done < $tmpfile
		rm $tmpfile
		echo $ret
	}
	# Prints the space-separated pids whose parent is process $1; the same
	# snapshot-file caveat as for getparent applies.
	getchilds () {
		local childs
		local dummy
		local child
		local tmpfile=${tmpdir}/getchilds.$$.txt
		ps -ef >$tmpfile
		while read user pid ppid dummy ; do
			[ "$1" = "$ppid" ] || continue
			childs="${childs}${childs:+ }$pid"
		done < $tmpfile
		rm $tmpfile
		echo ${childs}
	}

	# Looks the path up in a cached "swlist -l file" listing; the cache is
	# written on first use and removed by distpkgoffile_cleanup.
	# NOTE(review): $1 reaches grep unquoted and as a regular expression, so
	# whitespace splits it, a leading dash is read as an option and regex
	# metacharacters widen the match; grep -F -- "$1" would avoid all three,
	# untested on HP-UX.
	distpkgoffile () {
		local tmpfile=${tmpdir}/distpkgoffile.tmp
		if [ ! -f $tmpfile ]; then
			swlist -l file > "$tmpfile"
		fi
		grep $1 $tmpfile | cut -d : -f 1 | while read x; do
			echo "$x"
		done
	}
	distpkgstatus () {
		printf "@@@Package info for fileset/patch: %s\n" "$1"
		swlist -l fileset -a title -a description $1 | grep -v "^#" | grep -v "^\""
		printf "\n"
	}
	distpkgoffile_cleanup () {
		if [ -f "${tmpdir}/distpkgoffile.tmp" ]; then
			echo "Removing package list cache"
			rm "${tmpdir}/distpkgoffile.tmp"
		fi
	}
}

# AIX setup: replaces the default tool command lines and helper functions
# with AIX equivalents.
# Globals:   ipconfig, pscmd, dfh, netstatsu, dmesg, trace, initfile,
#            service_stop, service_start, service_status,
#            sed_equivalent_cmd, cpiopdL (written); tmpdir, grepq,
#            syslogrealbin (read by the helpers)
# Defines:   netstat*, format_ldd_output, dfk_parser, routeconfig, free,
#            topcmd, mypidof, getsyslogpids, distpkgoffile, distpkgstatus,
#            os_hash_helper
setup_env_aix () {
	ipconfig="ifconfig -a"
	pscmd="ps -eaf"
	dfh="df -k"
	netstatsu="netstat -s"
	netstatpunt() { netstat -n ; }
	netstatpn() { netstat -n ; }
	dmesg="alog -o -t boot"
	trace="truss -r all -w all -u libc:: -f"
	initfile=
	service_stop="/usr/bin/stopsrc -s syslog-ng"
	service_start="/usr/bin/startsrc -s syslog-ng"
	service_status="/usr/bin/lssrc -s syslog-ng"
	sed_equivalent_cmd="perl -p -e"
	cpiopdL="/usr/sysv/bin/cpio -pdL"

	# Drop the generic helpers before the AIX versions are defined.
	# NOTE(review): initfile is assigned as a variable above, so the
	# "unset -f initfile" below (which targets functions) looks like a
	# no-op - confirm.
	unset -f initfile
	unset -f netstatnlp
	unset -f netstatlunp
	unset -f routeconfig
	unset -f free
	unset -f dfk_parser
	unset -f getsyslogpids
	unset -f mypidof
	unset -f topcmd
	unset -f format_ldd_output
	unset -f os_hash_helper

	# NOTE(review): these expressions run under "perl -p -e" (set above),
	# where \( and \) are literal parentheses rather than groups; verify
	# that the result is the intended path-only ldd output.
	format_ldd_output () { ${sed_equivalent_cmd} 's:^[^/]*\(.*\)$:\1:' -e 's:^\(.*\)(.*)$:\1:'; }
	netstatnlp () { netstat -na | grep -E "(Active|Proto|LISTEN)" ; }
	netstatlunp () { netstat -na | grep -E "(Internet|Proto|udp)" ; }
	dfk_parser () { tail -1 | while read FS ALL AVAIL UPERC IUPERC MP; do echo ${AVAIL}; done }
	# Prints a notice instead of the routing table when netstat -nr reports
	# a permission error.
	routeconfig () { if netstat -nr 2>&1 | $grepq 'Permission error' ; then echo 'WPAR without its own routing table.' ; else netstat -nr ; fi ; }
	free () { svmon -G -O unit=KB ; }
	topcmd () { ( uptime ; svmon -G | head -n 3 ; sar -u 1 1 ; echo ; ps auxwww | head -n 1; ps auxwww | grep -v COMMAND | sort -rn +2 ) >"${1}" 2>/dev/null ; }
	# Prints the pid of every process whose command name equals $1. When the
	# stime field holds no colon, the command name is taken from the next
	# field instead (presumably because the start time is then printed as
	# two words - TODO confirm).
	mypidof () { ps -eaf | while read user pid ppid c stime tty time cmd extra; do
		if [ "${stime%%:*}" = "${stime}" ]
		then
			[ "${extra%% *}" = "$1" ] && echo $pid
		else
			[ "${cmd%% *}" = "$1" ] && echo $pid
		fi ; done ; }
	getsyslogpids () { mypidof "${syslogrealbin}" ; }

	unset distpkgoffile
	unset distpkgstatus
	# Prints the first line of "rpm -qf" for the given path.
	# NOTE(review): $1 and $tmpfile are unquoted, and the scratch file name
	# under ${tmpdir} is predictable (distpkgoffile.<shell pid>.tmp). That is
	# harmless only if ${tmpdir} is a private directory; its creation is not
	# visible in this section.
	distpkgoffile () {
		local tmpfile=${tmpdir}/distpkgoffile.$$.tmp
		rpm -qf $1 >$tmpfile
		read x < $tmpfile
		rm $tmpfile
		echo "$x"
	}
	distpkgstatus () {
		printf "@@@Package info for: %s\n" "$1"
		rpm -qi $1
		printf "\n"
	}
	# MD5 of every regular file below the current directory, leaving out
	# debun.manifest and syslog-ng.debun.txt. MD5 catches accidental
	# corruption only; it gives no protection against deliberate changes.
	os_hash_helper () {
		find . '!' \( -name debun.manifest -o -name syslog-ng.debun.txt \) -type f -exec csum -h MD5 '{}' \;
	}
}

# Hook that runs before the OS-specific setup; currently does nothing.
# Returns:   0
setup_env_generic_pre () {
	return 0
}

# Hook that runs after the OS-specific setup: prefers the iproute2 tools
# when ss is present and falls back to nstat when netstat is missing.
# Globals:   netstatsu (written when netstat is missing and nstat exists)
# Calls:     is_available (defined outside this section)
# Defines:   routeconfig, netstatnlp, netstatlunp, netstatpunt, netstatpn
#            (only when ss is available)
setup_env_generic_post () {
	### ss should only be present on Linux
	if is_available ss ; then
		unset -f routeconfig netstatnlp netstatlunp

		routeconfig () {
			ip route show
		}
		netstatnlp () {
			ss -nlp
		}
		netstatlunp () {
			ss -lunp
		}
		netstatpunt () {
			ss -punt
		}
		netstatpn () {
			ss -pn
		}
	fi

	if ! is_available netstat; then
		is_available nstat && netstatsu="nstat"
	fi
}

# Run the setup chain: generic pre-hook, the routine matching ${os}, then
# the generic post-hook.
# Globals:   os (read)
# Outputs:   the operating system name, and a notice for systems without a
#            setup routine, on stdout
setup_env() {
	setup_env_generic_pre

	###
	### Decide OS
	###
	printf "\nOperating System Name: %s\n" "$os"
	case "$os" in
		"Linux")
			setup_env_linux ;;
		"SunOS")
			setup_env_solaris ;;
		"FreeBSD")
			setup_env_freebsd ;;
		"HP-UX")
			setup_env_hpux ;;
		"AIX")
			setup_env_aix ;;
		*)
			printf "Unkonwn or (yet) unhandled system\n" ;;
	esac

	setup_env_generic_post
}

# Call the collection entry point that matches ${os}; other systems are
# skipped silently.
# Globals:   os (read)
debun_run () {
	case "$os" in
		"Linux")
			debun_linux ;;
		"SunOS")
			debun_solaris ;;
		"FreeBSD")
			debun_freebsd ;;
		"HP-UX")
			debun_hpux ;;
		"AIX")
			debun_aix ;;
	esac
}

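# Run every queued extra collector, in the order they were queued.
# Globals:   extras (read) - whitespace-separated list of function names
# Each word of ${extras} is executed as a command name, so the list must
# only ever hold names of functions defined in this script; it must never
# be built from user-supplied or environment-supplied text.
run_specific_extras () {
	# Local loop variable: the caller's "i" (also used by run_debug) is no
	# longer overwritten as a side effect.
	local extra
	# ${extras} is split on purpose; each resulting word is called quoted so
	# it is not glob-expanded a second time.
	for extra in ${extras}; do
		"${extra}"
	done
}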

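# Debug-mode collection: optional packet capture, optional syscall tracing,
# an optional countdown, a restart of syslog-ng in foreground debug mode,
# then a wait for the timeout or for ENTER.
# Globals:   pcap_params, pcap_iface, pcapifparm, tcpdumpcmd, tcpdumpopts,
#            tracing, trace, sngallpids, waitforit, debug_params, debug_mode,
#            service_stop, syslogbin, timeout, tmpdir (read);
#            pcappid, tracepids, debugpid, debugtailpid (written);
#            i, pad, bs, line (scratch, not local)
# Calls:     is_available, getchilds, acquire_syslog_stats (defined outside
#            this section)
# Outputs:   progress on stdout, user prompts and countdown on fd 3;
#            debug.pcap, trace.*.txt and syslog.debug under ${tmpdir}
# The capture and the debug log can hold message payloads and peer
# addresses; the bundle needs the same handling as the logs themselves.
# While the service is stopped and restarted by hand, normal log delivery
# on the host is interrupted.
run_debug () {
	printf "\nStart Debug collection\n"
	if [ -n "${pcap_params}" ]; then
		if is_available $tcpdumpcmd ; then
			echo "Start packet dump in background with filters: ${pcap_params}"
			# The option and filter variables hold several words each and are
			# split on purpose; only the output path is quoted.
			${tcpdumpcmd} ${tcpdumpopts} "${tmpdir}/debug.pcap" ${pcap_iface:+$pcapifparm} ${pcap_iface} ${pcap_params} &
			pcappid=${!}
		else
			echo "tcpdump/snoop is not available" >&2
		fi
	fi
	# Attach the tracer to the running processes only when syslog-ng is not
	# going to be restarted in debug mode below.
	if [ -n "${tracing}" ] && [ -z "${debug_params}" ]; then
		if is_available "${trace%% *}"; then
			for i in ${sngallpids}; do
				${trace} -o "${tmpdir}/trace.${i}.txt" -p "${i}" &
				tracepids="${tracepids}${tracepids:+ }${!}"
			done
		else
			echo "Tracing was requested but ${trace%% *} was not available!"
		fi
	fi
	if [ -n "${waitforit}" ]; then
		[ -n "${pcap_params}" ] && sleep 1
		echo "Waiting ${waitforit} secs before stop system's syslog-ng, and restart in debug mode."
		# pad reserves as many columns as ${waitforit} has digits; bs holds the
		# same number of backspaces, so each tick overwrites the previous one.
		pad=''
		bs=''
		for i in $( seq 1 ${#waitforit} ); do pad="${pad} " ; bs="\b${bs}" ; done
		printf "Start countdown: ${pad}" >&3
		# %Ns right-aligns the number in the reserved columns; this replaces the
		# ${pad:offset} substring form, which a POSIX /bin/sh rejects.
		for i in $( seq ${waitforit} -1 1 ); do printf "${bs}%${#waitforit}s" "$i" >&3 ; sleep 1 ; done
		# The final tick used "print", which is not a sh or bash builtin, so the
		# countdown never showed 0 and never ended its line.
		printf "${bs}%${#waitforit}s\n" 0 >&3
		touch "${tmpdir}/syslog.debug"
	fi
	if [ -n "${debug_params}" ]; then
		${service_stop}
		# We should implement a better waiting for the system service's shutdown, sleep 1 works for now
		sleep 1
		echo "Start syslog-ng debug with params: ${debug_params}"
		if [ -n "$tracing" ]; then
			if is_available "${trace%% *}"; then
				${trace} -o "${tmpdir}/trace.dbg.txt" ${syslogbin} ${debug_params} >>"${tmpdir}/syslog.debug" 2>&1 &
				i=${!}
				tracepids="${i}"
				# The tracer is the parent; the debug syslog-ng is its child.
				debugpid="$( getchilds ${i} )"
				echo "Trace: ${i} Debug: ${debugpid}"
			else
				echo "Tracing was requested but ${trace%% *} was not available!"
				${syslogbin} ${debug_params} >>"${tmpdir}/syslog.debug" 2>&1 &
				debugpid=${!}
			fi
		else
			${syslogbin} ${debug_params} >>"${tmpdir}/syslog.debug" 2>&1 &
			debugpid=${!}
		fi
	fi

	if [ -n "$debug_mode" ]; then
		sleep 1
		acquire_syslog_stats
	fi

	[ -n "${timeout}" ] || echo "When you want to stop collecting data, press ENTER" >&3
	if [ -n "${waitforit}" ]; then
		# Give the user time to read the message about stopping
		sleep 1
		tail -f "${tmpdir}/syslog.debug" >&3 &
		debugtailpid=${!}
		#disown
	fi
	if [ -n "${timeout}" ]; then
		sleep "${timeout}"
	else
		read line
	fi
}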

###
### Main program tasks
###

# Main sequence: initialise, detect and set up the environment, queue and
# run the collectors, gather syslog-ng data (reduced set in privacy mode),
# optionally run the debug session, then finalise the bundle.
debun_init
detect_env
setup_env
debun_run
if [ "$syslogfhs" = "linux" ]; then
	fhs_set_linux
fi
if [ "$syslogfhs" = "unix" ]; then
	fhs_set_unix
fi
run_specific_extras
acquire_general_info
# Privacy mode selects the collector that gathers the reduced data set.
case "$privacy_mode" in
	"")
		acquire_syslog_all ;;
	*)
		acquire_syslog_nprv ;;
esac
if [ -n "$debug_mode" ]; then
	run_debug
fi
debun_final
